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EMPTY THREAT OR SERIOUS DANGER: AS- 
SESSING NORTH KOREA’S RISK TO THE 
HOMELAND 


Thursday, October 12, 2017 


U.S. HOUSE OF REPRESENTATIVES, 
COMMITTEE ON HOMELAND SECURITY, 
SUBCOMMITTEE ON OVERSIGHT AND 
MANAGEMENT EFFICIENCY, 
Washington, DC. 


The subcommittee met, pursuant to notice, at 2:02 p.m., in room 
HVC-—210, Capitol Visitor Center, Hon. Scott Perry (Chairman of 
the subcommittee) presiding. 

Present: Representatives Duncan, Higgins, Estes, Perry, Correa, 
Rice, and Barragan. 

Also present: Representative Jackson Lee. 

Mr. PERRY. Good afternoon, everybody. The Committee on Home- 
land Security, Subcommittee on Oversight and Management Effi- 
ciency will come to order. 

The purpose of this hearing is to examine the risks posed by 
North Korea to Homeland Security, and recommendations for the 
Department of Homeland Security to be better prepared to mitigate 
these risks. The Chair recognizes himself for an opening statement. 

It is no secret that Kim Jong-un and his maniacal regime in 
North Korea have ratcheted up tensions with the United States at 
an alarming rate. With the knowledge that North Korea conducted 
over 20 missile tests on over a dozen different occasions between 
February and September 2017, including tests of intercontinental 
ballistic missiles, many Americans and our allies around the globe 
remain on edge. However, Americans may rightly wonder about 
North Korea’s ability to threaten the homeland directly. 

Intelligence from the hermit kingdom is oftentimes inconsistent 
and limited. Despite these intelligence challenges, information that 
has been gathered is reason enough for alarm. For example, accord- 
ing to media reports, two North Korean shipments to a Syrian gov- 
ernment agency responsible for the country’s chemical weapons 
program were intercepted in the past 6 months. While these re- 
ports did not detail exactly what the shipments to Syria contained, 
this is not the first time a North Korean ship has been seized due 
to carrying suspected missile system components. In 2013, a North 
Korean ship was intercepted in the Panama Canal with false mani- 
fests, and hidden under legitimate cargo parts for fighter jets and 
rockets. 
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In addition, according to the Council on Foreign Relations, recent 
estimates suggest that North Korea’s nuclear weapons stockpile 
comprises 10 to 16 nuclear weapons, and has the potential to grow 
rapidly by 2020 to potentially 125 weapons. Furthermore, the Cen- 
ter of Nonproliferation Studies estimates North Korea has between 
2,500 and 5,000 metric tons of chemical weapons. And as we are 
all aware with the assassination of Kim Jong-un’s half brother with 
a deadly nerve agent, those weapons have already been put to use. 

Whether or not North Korea intends to act on any of its threats 
to the United States directly, we must also keep in mind that 
Pyongyang is willing and able to supply weaponry, expertise, or 
technology to other hostile nation-states and possibly non-nation- 
state actors that are intent on destroying the United States and 
the freedoms we stand for. 

Former Department of Homeland Security Secretary John Kelly 
stated in April that the most eminent threat from North Korea is 
a cyber threat. North Korea’s increasingly sophisticated cyber pro- 
gram has the ability to pose a major threat to the United States’ 
interests. For example, Federal prosecutors are investigating North 
Korea for a possible role in the international banking system, or 
the SWIFT, hack that resulted in the theft of $81 million from the 
Central Bank of Bangladesh in 2016. In late 2014, the computer 
systems of Sony Pictures Entertainment were infiltrated, which 
was said to have been in retaliation over expressed outrage over 
the Sony-backed film centered on Kim Jong-un. 

With a growing variety of digital threats against the private sec- 
tor and Federal networks, are we prepared to safeguard our infra- 
structure against a North Korean-led cyber attack? While a cyber 
attack from North Korea is a serious risk we face, we cannot dis- 
count other possible threats, such as an electromagnetic pulse, or 
an EMP. An EMP, while some believe as a low probability, has the 
potential to be a catastrophic event that could result in paralyzing 
the United States electric grid and other key infrastructure that 
rely on the electric grid to function. 

Disruption to our power grids would be disastrous. According to 
a 2016 Government Accountability Office, or GAO, report, a major 
EMP event could result in potential cascading impacts on fuel dis- 
tribution, transportation system, food and water supplies, and com- 
munications and equipment for emergency services. 

As North Korea continues its belligerent actions, the United 
States must be prepared to protect the homeland from an array of 
threats. The Department of Homeland Security has a vital role in 
protecting our cyber space and critical infrastructure, and pre- 
venting chemical, biological, radiological, and nuclear terrorism. 

This hearing will allow us to gain a greater understanding of the 
multitude, severity, and probability of threats posed by North 
Korea, and how the Department of Homeland Security can best 
prepare for and mitigate these risks. 

[The statement of Chairman Perry follows:] 
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ratcheted up tensions with the United States at an alarming rate. With the knowl- 
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edge that North Korea conducted over 20 missile tests on over a dozen different oc- 
casions between February and September 2017—including tests of intercontinental 
ballistic missiles, many Americans and our allies around the globe remain on edge. 
However, Americans may rightly wonder about North Korea’s ability to threaten the 
homeland directly. Intelligence from the “Hermit Kingdom” is oftentimes incon- 
sistent and limited. Despite these intelligence challenges, information that has been 
gathered is reason enough for alarm. 

For example, according to media reports, two North Korean shipments to a Syrian 
government agency responsible for the country’s chemical weapons program were 
intercepted in the past 6 months. While these reports did not detail exactly what 
the shipments to Syria contained, this is not the first time a North Korean ship has 
been seized due to carrying suspected missile-system components. In 2013, a North 
Korean ship was intercepted in the Panama Canal with false manifests, and hidden 
under legitimate cargo, parts for fighter jets and rockets. 

In addition, according to the Council on Foreign Relations, recent estimates sug- 
gest that North Korea’s nuclear weapons stockpile comprises 10 to 16 nuclear weap- 
ons, and has the potential to grow rapidly by 2020, to potentially 125 weapons. Fur- 
thermore, the Center for Nonproliferation Studies estimates North Korea has be- 
tween 2,500 and 5,000 metric tons of chemical weapons, and as we are all aware 
with the assassination of Kim Jong-un’s half-brother with a deadly nerve agent, 
those weapons have already been put to use. Whether or not North Korea intends 
to act on any of its threats to the United States directly, we must also keep in mind 
that Pyongyang is willing and able to supply weaponry, expertise, or technology to 
other hostile nation-states, and possibly non nation-state actors that are intent on 
destroying the United States and the freedoms we stand for. 

Former Department of Homeland Security Secretary, John Kelly, stated in April 
that the most imminent threat from North Korea is a cyber threat. North Korea’s 
increasingly sophisticated cyber program has the ability to pose a major threat to 
U.S. interests. For example, Federal prosecutors are investigating North Korea for 
a possible role in the international banking system, SWIFT, hack that resulted in 
the theft of $81 million from the central bank of Bangladesh in 2016. In late 2014, 
the computer systems of SONY Pictures Entertainment were infiltrated, which was 
said to have been in retaliation over expressed outrage over the Sony-backed film 
centered on Kim Jong-un. 

With a growing variety of digital threats against the private sector and Federal 
networks, are we prepared to safeguard our infrastructure against a North Korean- 
led cyber attack? 

While a cyber attack from North Korea is a serious risk we face, we cannot dis- 
count other possible threats, such as an electromagnetic pulse event (EMP). An 
EMP, while some believe as a low probability, has the potential to be a catastrophic 
event that could result in paralyzing the U.S. electric grid and other key infrastruc- 
tures that rely on the electric grid to function. Disruption to our power grids would 
be disastrous. According to a 2016 Government Accountability Office (GAO) Report, 
a major EMP event could result in “potential cascading impacts on fuel distribution, 
transportation systems, food and water supplies, and communications and equip- 
ment for emergency services.” 

As North Korea continues its belligerent actions, the United States must be pre- 
pared to protect the homeland from an array of threats. The Department of Home- 
land Security has a vital role in protecting our cyber space and critical infrastruc- 
ture and preventing chemical, biological, radiological, and nuclear terrorism. This 
hearing will allow us to gain a greater understanding of the multitude, severity, and 
probability of threats posed by North Korea and how the Department of Homeland 
Security can best prepare for and mitigate these risks. 


Mr. PERRY. The Chair now recognizes the Ranking Minority 
Member of the subcommittee, the gentleman from California, Mr. 
Correa, for a statement. 

Mr. CorrEA. Thank you, Chairman Perry. Welcome all our 
guests here today, the panelists. Thank you, sir, for holding today’s 
hearing on threats of North Korea to our great country. Again, I 
thank the witnesses for being here today. 

I also want to take a moment to send my thoughts and prayers 
to those affected by the California, southern California wildfires. In 
my district, many folks very near and dear to me have been evacu- 
ated. My staffers and friends have had to be evacuated from their 
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homes, and a couple of camps receiving those evacuated are actu- 
ally in my district. So our thoughts and prayers are with them as 
well as others in California. 

I also want to thank the first responders for, again, doing the 
work they are doing right now in and around my district. 

Mr. Chairman, while I recognize the seriousness of North Korea 
and threats it poses to us, I just want to take a moment to ac- 
knowledge that we also have to look at those affected by Hurri- 
ee Ty, Irma, and Maria, and I hope we give them attention 
as well. 

Coming back to North Korea, America’s current diplomatic policy 
must be cautious in engaging this individual, this leadership that 
appears to be very unpredictable. Reports do confirm that North 
Korea’s accelerating the pace of its missile testing, devoting more 
of its resources to develop its cyber operations, and threatening to 
create a multifunctional nuclear bomb. 

Recent actions, such as the North Korean-connected hacking 
group that successfully stole $81 million from banks in Bangladesh 
and southeast Asia, show that North Korea is getting more daring 
and much more functional with their cyber operations. 

From the witnesses today, I look forward to hearing from you 
and how this Department of Homeland Security can better protect 
the vulnerable, critical infrastructure of cyber, cyber threats, and 
how we can mitigate such threats here in our country. 

Further, while the probability of an electromagnetic pulse ap- 
pears to be at this time unlikely, North Korea has made it clear 
that it is testing its ability to make a hydrogen bomb capable of 
such destruction. So my question to you is, is an EMP something 
that is a threat at this time or very soon? 

Speaking on his frustration with President Trump, North Korea’s 
leader stated that Trump “denied the existence of and insulted me 
and my country in front of the eyes of the world.” My question in 
this, is this anything new or is this what has been going on for the 
last 20 years? 

I am interested in hearing today from the witnesses in this 
panel, what happens if the unthinkable happens? What would hap- 
pen the first 10, 20, 30 minutes of an all-out war? A hypothetical 
scenario, but I think it is one that we need to be apprised of. 

With that, Mr. Chair, I thank you. I yield back the balance of my 
time. 

[The statement of Ranking Member Correa follows:] 


STATEMENT OF RANKING MEMBER J. LUIS CORREA 


OCTOBER 12, 2017 


I would like to take a moment to send my thoughts and prayers to those in Cali- 
fornia, including my home district, affected by devastating wildfires. Thank you to 
the first responders and local emergency personnel for acting so quickly to evacuate 
impacted areas to save lives and protect property. 

I would also like to take a moment to acknowledge those affected by Hurricanes 
Harvey, Irma, and Maria. I am frustrated by the slow response by FEMA and the 
Trump administration, particularly for Puerto Rico. Instead of blaming victims, 
President Trump should be ensuring his administration gets aid to those without 
water, food, and electricity and working with stakeholders to help devastated com- 
munities recover. 

Further, while I recognize the serious National security threat posed by North 
Korea, I would note that there are pressing matters squarely within this commit- 
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tee’s jurisdiction and oversight responsibilities. I hope we can give them the atten- 
tion they are due. 

In regards to North Korea, America’s current diplomatic policy is a dangerous 
game—to engage in a public threat war with the world’s most unpredictable bully. 
According to experts, President Trump’s unabashedly undiplomatic rhetoric—threat- 
ening to destroy North Korea—has created an impression that it is actually the 
United States, instead of North Korea, that is motivated by aggression. 

Clearly, North Korea is stepping up the pace of its missile testing, devoting more 
resources to further develop its cyber operations, and threatening the creation of a 
multi-functional nuclear bomb with destructive power. 

Recent actions—such as a North Korea-connected hacking group successfully 
stealing $81 million from banks in Bangladesh and Southeast Asia—show that 
North Korea is getting more daring with its cyber operations. 

I look forward to hearing from the witnesses today how the Department of Home- 
land Security can better protect vulnerable critical infrastructure in response to 
cyber threats and provide assistance in mitigation efforts. Further, while the prob- 
ability of an EMP attack is unlikely, North Korea has made it clear it is testing 
its ability to make a hydrogen bomb capable of such destruction. 

Speaking on his frustrations with Trump, North Korea’s leader, Kim Jong-Un, 
stated that Trump “denied the existence of and insulted me and my country in front 
of the eyes of the world.” President Trump’s own words aid North Korea’s propa- 
ganda and create pressure for North Korea to respond with its own provocation. 

I also look forward to today’s witnesses addressing how this administration has 
escalated the situation with North Korea and exacerbated an already-serious foreign 
policy matter. 


Mr. Perry. The Chair thanks the gentleman, and would also like 
to join you in echoing my concerns for those affected in and around 
your district, and of course in California, the wildfires, and the first 
responders, as well as the victims of the recent hurricanes here in 
the continental United States and our citizens in Puerto Rico and 
the Caribbean. 

With that, other Members of the subcommittee are reminded 
that opening statements may be submitted for the record. 

[The statement of Ranking Member Thompson follows:] 


STATEMENT OF RANKING MEMBER BENNIE G. THOMPSON 


OCTOBER 12, 2017 


Undoubtedly, the threat posed by North Korea is one of the most complex chal- 
lenges to our National security. Daily, we hear of North Korea’s targeting our Na- 
tion—including our way of life. These threats, if carried out, could cause unprece- 
dented devastation to our Nation. 

Under the Kim Jong-un regime, North Korea has executed 98 ballistic missile 
tests and 6 underground nuclear tests overall. This year alone, North Korea has 
fired 22 missiles during 15 tests, including an intercontinental ballistic missile 
(ICBM)—a missile that is reported to reach anywhere in the world—launched on 
July 4, 2017. 

Given the relationship between the United States and North Korea, it can be con- 
cluded that the purpose of the tests is producing missiles capable of reaching this 
country. North Korea’s cyber capabilities also raise serious concerns, as the effects 
of cyber warfare can be crippling. 

Along with Russia, U.S. intelligence officials have long considered North Korea 
among the world’s most dangerous cyber actors in terms of their ability to inflict 
damage via computer networks. The intelligence community has warned that North 
Korea has plans to execute a large-scale cyber attack on our critical infrastructure. 

Furthermore, according to a recent and alarming CNN article, a Russian tele- 
communications firm is now providing North Korea a new internet connection, thus 
potentially augmenting North Korea’s cyber attacking capabilities while deepening 
its ties to the Nation responsible for hacking the 2016 U.S. election. 

Today, I see that there is an effort in this body to place a serious focus on this 
threat. That sentiment is not shared down the street at 1600 Pennsylvania Avenue. 
Unfortunately, President Trump seemingly is uninterested in handling this threat 
in a diplomatic fashion. 
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Instead, the President engages in a public “war of words” with North Korean lead- 
er Kim Jong-un, escalating tensions at a time when the need for appropriate sanc- 
tions and strategic diplomacy could not be greater. What is also appalling is the 
President’s focus on disparaging the Nation’s top diplomat and challenging his IQ. 

Instead, the President should devote his attention to the North Korean threat 
rather than tweeting and hurling insults all for the sake of attention. 

I look forward to having a productive discussion on the threats posed by North 
Korea to the United States and the steps the Department of Homeland Security can 
take to mitigate those threats. 


Mr. PERRY. We are pleased to have a distinguished panel of wit- 
nesses before us today. The witnesses’ entire written statements 
will appear in the record. The Chair will introduce the witness first 
and then recognize each of you for your testimony. 

All right. Mr. Frank Cilluffo—is that correct, sir? 

Mr. CILLUFFO. That is correct. 

Mr. Perry. All right—is an associate vice president at the 
George Washington University and director of its Center for Cyber 
and Homeland Security. He previously served in numerous home- 
land security positions in the White House and Homeland Security 
Advisory Council. Welcome, sir. 

Mr. Anthony Ruggiero—is that correct or close enough? 

Mr. RUGGIERO. Close enough. 

Mr. PERRY. OK—is a senior fellow with the Foundation of De- 
fense of Democracies. He served in the Treasury Department as di- 
rector of the Office of Global Affairs and the Office of Terrorist Fi- 
nancing and Financial Crimes, and spent 13 years in various posi- 
tions in the State Department. Welcome, sir. 

Mr. Patrick Terrell is a senior research fellow at the Center for 
the Study of WMD, Weapons of Mass Destruction, at the National 
Defense University. He served in the U.S. Army Chemical Corps 
for 27 years and was the WMD military adviser and deputy direc- 
tor for chemical, biological, radiological, and nuclear defense policy 
in the Office of the Deputy Assistant Secretary of Defense for 
Countering WMD. Sir, thank you for your service and welcome. 

Mr. Jeff Greene is a senior director of global government affairs 
and policy at Symantec, where he leads a team focused on cyberse- 
curity, data integrity, and privacy issues. Prior to joining 
Symantec, he served in staff positions on the Senate Homeland Se- 
curity and Governmental Affairs and House Homeland Security 
Committees and as an attorney with a Washington, DC law firm. 
Welcome, sir. 

Dr. Peter Vincent Pry is a Nationally-recognized expert on elec- 
tromagnetic pulse, or EMP. Dr. Pry was most recently chief of staff 
of the EMP Commission, and has served on the staffs of various 
Congressional commissions related to National security, as well as 
the House Armed Services Committee, and was an intelligence offi- 
cer with the Central Intelligence Agency. Welcome, sir. 

Thank you all for being here today. 

The Chair recognizes now Mr. Cilluffo for an opening statement. 
Sir. 
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STATEMENT OF FRANK J. CILLUFFO, DIRECTOR, CENTER FOR 
CYBER AND HOMELAND SECURITY, THE GEORGE WASH- 
INGTON UNIVERSITY 


Mr. CILLUFFO. Chairman Perry, Ranking Member Correa, and 
distinguished Members of the subcommittee, thank you for the op- 
portunity to testify before you today on such a critical set of issues. 

North Korea poses an increasingly complex and multidimen- 
sional threat to the U.S. homeland. The many facets of the chal- 
lenge include, obviously, the nuclear threat, the missile threat, and 
the proliferation threat. My own remarks will focus on the cyber 
threat. 

As regards to the cyber aspect, it should be flagged up front that 
it is not one-dimensional. To the contrary, it may manifest itself in 
at least three ways: As a stand-alone cyber threat; as a component 
in conjunction with a broader campaign, i.e., military or kinetic 
means; or as an indicator of an attack or campaign that is yet to 
come, the cyber equivalent of intelligence preparation of the battle- 
field or the mapping of our critical infrastructures. 

At a conference we co-hosted with the Central Intelligence Agen- 
cy just last week, a senior CIA official described North Korea as 
between bookends: The fear of Chinese abandonment on the one 
hand and the fear of U.S. strike on the other. The official stated 
further that North Korea exists to oppose the United States, and 
that Kim Jong-un defines winning as staying in the game. It is 
against this background, the overriding survival of the Kim regime 
and the Songun or military-first policy, that the North Korean 
cyber threat must be considered and evaluated. 

In terms of the bottom-line up-front, the cyber threat is already 
here. It is persistent, on-going, and comes in various guises and 
forms. The battlefield today includes the traditional air, land, sea, 
space, but increasingly cyber space, which is simultaneously its 
own domain and transcends all the other domains. 

The question is if and when the North Korean cyber activity es- 
calates, moving higher up the chain of conflict, going beyond tradi- 
tional computer network exploit and cyber crime to bigger and 
more destructive attacks. If so, what are the primary targets? How 
can we thwart the attacks or minimize the impact through contin- 
gency planning and building resilience into our networks and sys- 
tems? 

At the high end of the threat spectrum are nation-states whose 
military and intelligence services are integrating computer network 
attack and computer network exploit into their warfighting strat- 
egy and doctrine. 

North Korea is one of a small handful of countries that top the 
list from a U.S. National security perspective. While many of the 
details of their actual cyber warfare capabilities are shrouded in se- 
crecy, we do know that North Korea has invested heavily in build- 
ing out their cyber capabilities. A 2015 report by the South Korean 
defense ministry estimates that the North Korean cyber army em- 
ploys an elite squad of 6,000 hackers. This number has likely in- 
creased, and it’s worth noting that many of these hackers operate 
outside of Pyongyang, in northeast China and Southeast Asia. 
While not up yet up to par with the likes of say, Russia or China, 
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what North Korea may lack in capability, it unfortunately more 
than makes up for with intent. 

North Korea has engaged in both extensive espionage as well as 
disruptive and destructive activities or CNA. They operate without 
compunction. Recent reports of pilfering of Classified information 
from the South Korean military and the targeting of U.S. energy 
companies and other industrial control systems here is troubling 
and reflective of their persistent espionage. The attack on Sony is 
just one example of a destructive activity. There are sadly many, 
many more in South Korea. 

But perhaps what differentiates North Korea from other cyber 
actors is that they have turned to cyber crime to raise revenue, in- 
cluding funding their nuclear aspirations, especially given recent 
sanctions that are levied upon them. They have been pegged as the 
likely culprit, as both you, Mr. Chairman, and the Ranking Mem- 
ber have highlighted, behind a string of cyber bank robberies as far 
as Poland, but also the SWIFT hack on the Central Bank of Ban- 
gladesh, hacks against bitcoin and other cryptocurrency exchanges, 
and the WannaCry ransomware attack, which impacted 150 coun- 
tries. 

If past is prologue, we ought to be prepared for a further spike 
in North Korean cyber crime. While the cyber twists may be rel- 
atively new, such behavior is not. North Korea has long turned to 
criminal activity, such as counterfeiting, currency, cigarettes, phar- 
maceuticals, to fill its coffers. Whereas traditionally forces of crime 
seek to penetrate the state, in the case of North Korea, the opposite 
is true, with the country often using diplomatic cover to pursue ille- 
gal activities. In essence, they are using national collection means, 
using all source intelligence for criminal gain or more aptly to be 
compared to as a state sponsor of cyber crime. 

One word on what we do about this. Bottom line, we need to 
train more and better, we need to exercise. I think contingency 
plans are really important, make the big mistakes on the practice 
field, not when it is game day. DHS has done some good work in 
terms of sharing of information intelligence, such as HIDDEN 
COBRA, where they provided TTPs and indicators of North Korean 
activity. This is so vital because that is going to be the warning. 
nt is going to be the indicator that something bigger may be 
afoot. 

In terms of the broader threat picture, other potential scenarios 
like EMP, that will require a much broader response, and it will 
need to include partners like DOD, as DHS and the utilities would 
likely be overwhelmed in such a scenario. I hope there is more time 
to get into that during the Q&A. 

Thank you, Mr. Chairman. 

[The prepared statement of Mr. Cilluffo follows:] 


PREPARED STATEMENT OF FRANK J. CILLUFFO 


OCTOBER 12, 2017 


Chairman Perry, Ranking Member Correa, and distinguished Members of the sub- 
committee, thank you for the opportunity to testify before you today on this subject 
of National importance. North Korea poses an increasingly complex and multi- 
dimensional threat to the U.S. homeland. The many facets of the challenge include 
the nuclear threat, the missile threat, and the proliferation threat—which encom- 
passes North Korea’s role in the global arms trade of conventional and non-conven- 
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tional weapons. Other experts testifying before you today will focus on these and 
other aspects of the problem. My own remarks will focus on the cyber threat, though 
I will also touch on the issue of electromagnetic pulse (EMP). As regards the cyber 
aspect, it should be flagged upfront that it is not unidimensional. To the contrary, 
it may manifest in at least three ways: As a stand-alone cyber threat; as a cyber 
component of a broader campaign that makes use of other means (e.g., military); 
or as an indicator of an attack or campaign that is yet to come (cyber intelligence 
preparation (IPB) of the battlefield or mapping of critical infrastructure). After as- 
sessing the threat, I will turn to the role that DHS can and should play in coun- 
tering that threat. 


THE CYBER THREAT THAT NORTH KOREA POSES TO THE U.S. HOMELAND 


At the Central Intelligence Agency (CIA)’s fourth annual public conference on the 
Ethos and Profession of Intelligence (co-hosted by the George Washington Univer- 
sity Center for Cyber & Homeland Security), a senior CIA official described North 
Korea as between “bookends”—the fear of Chinese abandonment on the one hand, 
and the fear of a U.S. strike on the other. The official stated further that North 
Korea “exists to oppose the United States,” and that Kim Jong-un “defines winning 
as staying in the game.”! It is against this background, the overriding survival of 
the Kim regime and the “Songun” or military first policy, that the North Korean 
cyber threat must be considered and evaluated. 

In prepared testimony before the full committee? and one of your counterpart sub- 
committees,? I have set out in some detail the nature of the cyber threat that North 
Korea poses to the U.S. homeland. Today I will build further upon that baseline. 
At the high end of the cyber threat spectrum are nation-states whose military and 
intelligence services are both determined and sophisticated in the cyber domain and 
are integrating computer network attack (CNA) and computer network exploit 
(CNE) into their warfighting strategy and doctrine—North Korea is one of a small 
handful of countries that top that list from a U.S. National security perspective. 
While many of the details about North Korea’s cyber warfare capabilities are 
shrouded in secrecy (the same is true of their military capabilities writ large), we 
do know that North Korea has invested heavily in building cyber capabilities. A 
2015 report by the South Korean Defense Ministry estimates that the North Korean 
“cyber army” employs an elite squad of 6,000 hackers, many of whom operate 
abroad in northeast China and throughout South East Asia. And, what North Korea 
may lack in capability, it makes up for with intent. 

North Korea has engaged in both disruptive and destructive activity in the cyber 
domain—meaning both computer network exploitation (CNE) and computer network 
attack (CNA; as distinct from espionage). North Korea operates without compunc- 
tion, targeting U.S. companies; the most notorious case being the attack on Sony 
Pictures Entertainment. North Korea is just as aggressive within its region: In 
2017, there has been a major increase in North Korean cyber attacks (attempted 
and successful) targeting South Korean companies and government.® Senior Japa- 
nese cybersecurity officials confirmed this in recent meetings, and expressed signifi- 
cant concern about the increase in volume and the level of boldness of North Korean 
cyber activity. Recent news articles revealing alleged U.S. cyber activities aimed at 
stymieing North Korea’s ballistic missile program will likely serve to increase the 
likelihood of additional North Korean cyber attacks. 

In order to raise revenue—and under particular pressure from sanctions imposed 
recently by the international community (including key trading partner China), fol- 
lowing North Korean nuclear and missile testing—North Korea has turned to cyber 
crime, and is the prime suspect in a string of bank heists throughout Asia (SWIFT 
hack), as well as reportedly targeting “bitcoin and other virtual currencies” for theft 


1https:/ /www.youtube.com /watch?v=a-N_NqVe__uc&list=PL-bQ6__vfcHO5kAK-AX3uGxjLk- 
ObVDhE30&index=2. 

2 https:/ oe u.edu/sites/cchs.gwu.edu/ files / Cilluffo%20Testimony%20for%20HHSC%203- 
22-2017.pdf. 

3https:/ /cchs.gwu.edu/ sites /cchs.gwu.edu/files /downloads/HHSC _Testimony__Feb%2025- 
2016 Final.pdf. 

4Martin Anderson, “North Korea’s Internet Tundra Breeds Specialised ‘Cyber Forces’ Num- 
bering 6,000,” The Stack, January 7, 2015. https:/ /thestack.com/ security / 2015/01/07 /north-ko- 
reas-internet-tundra-breeds-specialised-cyber-forces-numbering-6000. 

5 Charlie Campbell, “The World Can Expect More Cybercrime from North Korea Now that 
China has Banned its Coal,” Time, February 19, 2017. http:/ /time.com/4676204 /north-korea- 
cyber-crime-hacking-china-coal /. 
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(FireEye report).6 It has also been reported that the country is “widely believed to 
be behind the WannaCry [ransomware] cyber attack which spread to more than 
300,000 computers across 150 countries.” 


STATE SPONSOR OF CYBER CRIME 


If past is prologue, we ought to be prepared for a further spike in North Korean 
State-sponsored and/or State-supported cyber crime. The former head of the United 
Kingdom’s Government Communications Headquarters (GCHQ) reinforced this 
point the other day, stating bluntly, “They’re after our money.”’ While the cyber 
twist may be relatively new, such behavior is not: North Korea has long turned to 
criminal activity, such as counterfeiting (of currency including so-called super-notes, 
pharmaceuticals, and cigarettes), to fill its coffers. In this way, the regime engages 
criminal proxies and their cyber prowess to help achieve the ends that will perpet- 
uate the regime’s survival. This convergence of nation-state and criminal forces 
heightens the dangers posed by both. Whereas, traditionally, it has been the forces 
of crime that seek to penetrate the state; in the case of North Korea, the opposite 
is true, with the country often using diplomatic cover to pursue illegal activities. 

North Korea’s cyber strategy and tactics must be understood in broader context, 
as part and parcel of other geopolitical tools and goals (military, political, economic). 
The country’s cyber capabilities are just one weapon in their arsenal, to be used in 
conjunction with other elements and for the purpose of achieving a wide range of 
goals and objectives. When assessed and appreciated in this way, North Korea’s 
cyber activity may portend a broader campaign (including military operations), and 
thereby serve as an indicator or early warning of the intent to strike in other do- 
mains. And, cyber crime is undoubtedly helping fund North Korea’s nuclear and 
missile programs. At the same time, from a cyber standpoint, North Korea is less 
vulnerable (relative to the countries it targets) to retaliation in-kind, since North 
Korea is not “wired” like most other nation-states. To the extent that the country 
is connected to the internet—for military and intelligence purposes, for example— 
it appears that efforts have been made to protect and maintain that cyber capability 
and resilience, by diversifying connectivity: Just days ago, it was reported that a 
Russian firm will provide North Korea with a second internet connection, thereby 
decreasing reliance on the previously single connection that a Chinese firm had pro- 
vided; and expanding North Korea’s cyber attack capability. There has also been 
chatter about Russian criminal support of North Korea’s cyber activities. 

A further risk for the United States is electromagnetic pulse (EMP), which in- 
cludes the threat posed by directed energy weapons. As defined by the Department 
of Energy, EMPs “are intense pulses of electromagnetic energy resulting from solar- 
caused effects or man-made nuclear and pulse-power devices.”? Nuclear EMP in par- 
ticular—generated by detonating a nuclear device at a high altitude—would have 
catastrophic effects for the electricity, communications, transportation, fuel, and 
water sectors (including others). EMP is a threat that the United States must ad- 
dress from both a strategic and operational perspective. In connection with North 
Korea, it may be tempting to think in binary terms; but we do so at our peril, for 
cyber tools/attacks, EMPs, missiles, kinetic actions, and so on, are not “either/or” 
propositions. To the contrary—and, especially, if North Korea does not have the req- 
uisite launch capacity for its missiles (be they nuclear-tipped or conventional)—the 
country may turn to some combination of the foregoing (i.e., cyber plus . . . ). Sig- 
nificantly, just last month North Korea publicly stated, for the first time, that they 
have developed a hydrogen bomb that can be detonated at high altitudes thereby 
signaling “interest and ability in an EMP attack.”!° While the probability of first 
use may currently be relatively low, the potential consequences and impact could 


6Luke McNamara, “Why is North Korea So Interested in Bitcoin?” (September 11, 2017), 
https:/ /www.fireeye.com / blog /threat-research / 2017 / 09 /north-korea-interested-in-bitcoin.html. 
See also Ryan Browne, “North Korea appears to be trying to get around sanctions by using 
hackers to steal bitcoin,” (September 12, 2017), https://www.cnbc.com/2017/09/12/north- 
korea-hackers-trying-to-steal-bitcoin-evade-sanctions.html. 

7Harvey Gavin, “Hacking warning: Kim Jong-Un’s henchmen to step up cyber attacks and 
target city of London,” Express (October 1, 2017), http:/ /www.express.co.uk /news /uk/ 861007 / 
north-korea-hackers-target-uk-banks. 

8 Reuters Staff, “Russian firm provides new internet connection to North Korea,” Reuters (Oct. 
2, 2017), http:/ /www.reuters.com / article /us-nkorea-internet /russian-firm-provides-new-internet- 
connection-to-north-korea-idUSKCN1C70D2?il=0. 

°https:/ /energy.gov/sites/prod /files/2017/01/f34/DOE%20EMP%20Resilience%20Action%- 
20Plan%20January%202017.pdf (at page 1). 

10 Anthony Furey, “North Korea openly threatens EMP attack for the first time, changing the 
game,” Toronto Sun (September 3, 2017), http:/ /m.torontosun.com/2017/09/03/north-korea- 
openly threatens-emp-attack-for-the-first-time-changing-the-game. 
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be catastrophic and, therefore, the possibility must be taken seriously and treated 
accordingly. 

The chart on the following page captures, at a glance, the multidimensional na- 
ture of the North Korean cyber threat; and contextualizes it with selected examples. 


NORTH KOREA—CYBER THREAT ACTOR 


Strategy Discriptor Example 


Computer Network Attack Disruptive or destructive | Hack of SONY Pictures 
(CNA). in nature, cyber-spe- Entertainment Inc. 
cific/exclusive or in com- 
bination with kinetic 
military operations. 


Computer Network Exploi- Espionage (military, eco- Persistent, on-going, 
tation (CNE). nomic, and diplomatic), across a range of sectors 
cyber IPB of critical in- and targets 


frastructure can provide 

important indicators & 

warning of a broader 

campaign and attack 

plans (order of battle). 

Cyber crime .......ceeeeeeeeee Theft, ransomware, etc. .... SWIFT hack, bank and 

bitcoin theft, Wanna 
Cry ransomware 


THE ROLE OF THE DEPARTMENT OF HOMELAND SECURITY 


Preparing for cyber threats from state actors such as North Korea requires a 
multidimensional response. Accordingly, all elements of statecraft—diplomatic, eco- 
nomic, law enforcement, intelligence, military, emergency preparedness, and so on— 
should be considered and integrated, as appropriate (including in contingency 
plans). Whatever the Department of Homeland Security (DHS) does, it must be un- 
dertaken with the preparatory efforts of its various partners in mind—including, in 
particular, the Department of Defense and the private sector. Actions to protect and 
enhance the resilience of critical infrastructure, moreover, should be undertaken in 
a manner that recognizes, addresses, and integrates the full spectrum of threats, 
from cyber to EMP and beyond. There is a need to begin planning and exercising 
in earnest for various scenarios including EMP—which would have impact beyond 
DHS and USS. utilities, given the importance of the electric grid and its inter- 
dependencies with all other “lifeline” critical infrastructures. 

Policy and programs must not only cohere at the strategic and operational levels 
within DHS, within the interagency, and across the public/private sector (to ensure 
that public and private-sector efforts and initiatives are pulling in the same direc- 
tion). Policy and programs must also complement and leverage those of our inter- 
national allies and partners, in order to be maximally effective. Others, beyond the 
United States, could and should do more to contain and crack down on North Korea. 
The United States is already working with South Korea and Japan, for example; 
but, geopolitical complexities must be navigated skillfully in order to further pull 
in other key actors constructively, so as to better deal with the challenges at hand. 
Keep in mind, for instance, that as pressure increases on China to pull back from 
North Korea, Russia is stepping into the breach as backstop for Kim Jong-un’s re- 
gime. 

The Department of Homeland Security (DHS) must strategically plan, resource, 
and prepare for the cyber threat posed by North Korea, and it must do so in the 
context of the broader threat posed by that country, and as part of the Department’s 
mission writ large, which includes but is not limited to the “.gov” environment. DHS 
must also do all of this at a time when resources are limited and threats are ex- 
panding. The challenge, therefore, is to develop and implement programs that are 
not only effective but efficient. The Quadrennial Homeland Security Review (QHSR) 
is one instrument that helps to align strategy imperatives with spending param- 
eters, so that both programming and underwriting are undertaken wisely. However, 
in the present ecosystem where risks are intensifying, it bears asking (immediately) 
if the current status of DHS programs and plans is sufficient—or whether there are 
things that the Department can and should do differently. 
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The National Protection and Programs Directorate (NPPD) of DHS provides a 
range of valuable services to support and protect entities directly within its remit 
(Federal civilian networks) and partners with whom the Department collaborates 
(State, local, Tribal, and territorial governments, and the private sector). These 
services range from vulnerability scanning and mitigation guidance, to information 
sharing and malware analysis, to technical assistance and intrusion-/incident-spe- 
cific “hunt” teams. Importantly, efforts are underway to “streamline and elevate” 
the NPPD’s cybersecurity and critical infrastructure mission. These activities, to- 
gether with the multidisciplinary experience and expertise of the Department as a 
whole (e.g., in law enforcement, risk mitigation, and emergency management, to 
name a few), allow DHS to help further National resilience, and deter threat ac- 
tors.11 

The Department’s work on “Hidden Cobra” is a case in point. This attack effort 
by North Korean government actors targeted U.S. businesses (including critical in- 
frastructure sectors, financial and aerospace companies) using malware and botnet 
attacks.12 Working together with the Federal Bureau of Investigation (FBI), DHS 
provided critical infrastructure owners and operators (85 percent are in the private 
sector) with crucial situational awareness in the form an alert, attribution, and 
malware analysis.12 In its outreach to stakeholders, DHS _ specified the 
vulnerabilities that the North Korean perpetrators were using, as well as signatures 
that could be used for/integrated into response strategies. Importantly, these types 
of network-defense activities can be very effective in countering North Korea in par- 
ticular, which has a massive botnet infrastructure. From the standpoint of industry, 
furthermore, the sort of granular and timely information that DHS provided—in- 
cluding the identity of the attacker and the tactics, techniques, and procedures 
(TTPs) used—was valuable, as it allowed alerted entities to inoculate themselves 
against certain vulnerabilities (or, at least, to mitigate the consequences of breach). 
In addition to identifying TTPs, DHS, and FBI in conjunction with the intelligence 
community could also provide indications & warning (I&W) of potential North Ko- 
rean target lists/selection and potential order of battle. 

Hidden Cobra is thus illustrative of the interagency process working as it should, 
with DHS partnering with the Federal community for information exchange, in 
order for DHS to provide real added value to its stakeholders. The case also ties 
together the information-sharing component with deterrence, in that the DHS alert 
and subsequent prevention/mitigation activity on the part of targeted businesses 
(and the Government) demonstrates to the attacker that the United States is both 
ready and able to take anticipatory (defensive) action against adversaries or, if need 
be, to rebound and show resilience post-attack. This evidence of “a virtuous cycle” 
is what DHS can and should build upon, so as to generate additional positive mo- 
mentum that in turn will help further fuel its own success. Interagency partners 
like the Cyber Threat Intelligence Integration Center (CTIIC) have already proven 
to be willing and capable partners in upping the U.S. game against cyber adver- 
saries: As events unfold, CTIIC brings together information from across the Federal 
cyber community to form a shared picture of the U.S. Government’s information 
(both Classified and Unclassified), gaps, and actions to inform decision makers who 
have a role in the response. But still, we need to do more, and we need to do better. 
In this respect, we should strive for the DHS equivalent to military planning and 
execution, where all relevant players have a seat at the table pre-incident and 
where all concerned are well-positioned to thwart attacks and attackers when an 
incident is underway. 


CONCLUSION 


Thank you again for this opportunity to testify on this important topic.!¢ I look 
forward to trying to answer any questions that you may have. 


Mr. PERRY. The Chair thanks the gentleman. 


11For additional details, see the written testimony of Acting Secretary of Homeland Security 
Elaine C. Duke, tendered to the Senate Committee on Homeland Security and Governmental 
Affairs (September 27, 2017), https:/ /www.hsgac.senate. gov hearings |09/ 18/2017 /threats- to- 
the-homeland (see especially pages 9-11). 

12Tom Spring “DHS, FBI warn of North Korea ‘Hidden Cobra’ strikes against US assets,” 
Threatpost (June 14, 2017), https:/ /threatpost.com /dhs-fbi-warn-of-north-korea-hidden- cobra- 
strikes-against-us- -assets | 126263 /. 

13 US-CERT Alert (TA 17-164A), “HIDDEN COBRA—North Korea’s DDoS Botnet Infrastruc- 
ture” (June 13, 2017), Attps:/ /www.us-cert.gov / neas / alerts /TA17-164A. 

14] would like to thank the Center’s Associate Director Sharon Cardash for her help in draft- 
ing my prepared testimony. 
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The Chair now recognizes Mr. Ruggiero—Ruggiero for an open- 
ing statement. I threw an I in there. I don’t know where it came 
from, but I threw it in. 


STATEMENT OF ANTHONY RUGGIERO, SENIOR FELLOW, 
FOUNDATION FOR DEFENSE OF DEMOCRACIES 


Mr. RUGGIERO. Chairman Perry, Ranking Member Correa, and 
distinguished Members of the subcommittee, thank you for the op- 
portunity to address you today on this important issue. 

North Korea’s nuclear weapons and missile programs are ex- 
panding after a decade of failed American policies, and now pose 
a direct threat to the U.S. homeland. Pyongyang has threatened 
our close allies South Korea and Japan, as well as the U.S. troops 
stationed for decades on allied territory. 

The progress of North Korea’s program should not be surprising 
since Pyongyang conducted its first nuclear test 11 years ago. Its 
long-range missile program has lasted for more than 20 years. 
Pyongyang twice tested an intercontinental ballistic missile in July 
that could target Los Angeles, Denver, and Chicago, and possibly 
Boston and New York. The Kim regime tested a massive thermo- 
nuclear weapon designed to obliterate cities and could be delivered 
by Pyongyang’s long-range missiles. 

These developments are more concerning when we consider that 
Pyongyang has a proclivity for selling weapons to anyone who will 
pay for them. It has sold items related to nuclear weapons, chem- 
ical weapons, and ballistic missiles. Among North Korea’s most 
troubling relationships are those with Iran and Syria. The threat 
we face is acute and growing. After years of strategic patience, the 
time has come for a policy of maximum pressure that actually 
stands a chance of restraining the North Korean threat without re- 
sorting to war. 

The Trump administration is pursuing Iran-style sanctions to 
force North Korea to denuclearize. Absent that result, protect the 
United States and its allies from Pyongyang’s activities. Both crit- 
ics and supporters of the 2015 nuclear deal agree that sanctions 
were the main driver that brought Iran to the negotiating table. 
Modeled on the successful Iran sanctions program, the Trump ad- 
ministration’s efforts clarify the choice we are asking other coun- 
tries to make: Do business with North Korea or do business with 
the United States. It cannot be both. 

This approach includes diplomatic efforts to convince other coun- 
tries to cut ties with North Korea, reinforced by the threat of losing 
access to the U.S. financial system. The Wall Street Journal re- 
ported that a year-long effort by the State Department resulted in 
over 20 countries cutting off diplomatic or commercial relationships 
with North Korea. 

In prior testimonies, I detailed flaws in the current sanctions re- 
gime, including a failure to prioritize the North Korea sanctions 
program and the need to focus on Pyongyang’s overseas business 
network, as well as non-North Koreans facilitating sanctions of 
Asia. 

North Korea’s shipping network plays a crucial role in sup- 
porting this evasion, including the prohibited transfer of commod- 
ities. The Countering America’s Adversaries Through Sanctions Act 
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contains several provisions for the Department of Homeland Secu- 
rity that require it to highlight the role of North Korean vessels in 
illicit transfers and the role of third-party countries facilitating 
these transfers. 

The Department must publish a list of North Korean vessels. 
Treasury’s Office of the Foreign Assets Control currently lists only 
40 vessels as blocked property of North Korean designated persons, 
but our research indicates that more than 140 could be linked to 
North Korea. 

The Department of Homeland Security and other elements of the 
U.S. Government should focus on the activities of North Korean 
linked vessels, including increasing the number of entities and in- 
dividuals sanctioned in the North Korea shipping sector, compiling 
a complete list of vessels linked to North Korea, and naming ports 
in China and Russia that facilitate North Korea sanctions of Asia. 
The urgency of the threat should call for the Department to take 
these actions before the 180-day grace period granted by the sanc- 
tions law is elapsed. 

North Korea’s nuclear weapons and missile programs are a 
threat to the U.S. homeland and our allies. There are two basic pol- 
icy options for the United States. One accepts this dangerous situa- 
tion as reality under the false premise that North Korea’s provo- 
cations can be contained or deterred. The other path was successful 
in bringing Iran to the negotiating table with crushing sanctions 
that could force the Kim regime to realize the futility of continuing 
its nuclear weapons and missile programs. 

The only peaceful way to protect the U.S. homeland is to ensure 
Kim Jong-un feels the full weight of sanctions implemented by the 
United States and our allies. 

Thank you again for inviting me, and I look forward to your 
questions. 

[The prepared statement of Mr. Ruggiero follows:] 


PREPARED STATEMENT OF ANTHONY RUGGIERO 


OCTOBER 12, 2017 


Chairman Perry, Ranking Member Correa, and distinguished Members of this 
subcommittee, thank you for the opportunity to address you today on this important 
issue. 

My testimony will begin with a review of North Korea’s nuclear- and missile-re- 
lated proliferation activities, followed by a discussion of how Iran-style sanctions can 
sharply increase the amount of pressure on Pyongyang. My testimony will conclude 
with recommendations for how the Department of Homeland Security (DHS) should 
implement its mandate to monitor North Korean vessels in order to maximize the 
impact of sanctions. 

North Korea’s nuclear weapons and missile programs are expanding after a dec- 
ade of failed American policies and now pose a direct threat to the U.S. homeland. 
Pyongyang has threatened our close allies, South Korea and Japan, as well as the 
U.S. troops stationed for decades on allied territory. The progress of North Korea’s 
programs should not be surprising since Pyongyang conducted its first nuclear test 
11 years ago; its weaponization program likely started before then. Its long-range 
missile program has lasted for more than 20 years and is beginning to show success. 

Pyongyang twice tested an intercontinental ballistic missile (ICBM) in July. Both 
tests were launched in a lofted trajectory to avoid overflying Japan. But technical 
analysis of the second test on July 28 suggests that North Korean ICBMs could tar- 
get Los Angeles, Denver, Chicago, and possibly Boston and New York.! While an 


1David Wright, “North Korean ICBM Appears Able to Reach Major US Cities,” Union of Con- 
cerned Scientists, July 28, 2017. (http:/ /allthingsnuclear.org /dwright /new-north-korean-icbm) 
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ICBM may reach that distance, questions remain about the survivability of 
Pyongyang’s missiles during their reentry into Earth’s atmosphere, since the effec- 
tiveness of the heat shields protecting their warheads is unknown.? However, it is 
important not to underestimate North Korea’s ability to overcome these challenges, 
since Pyongyang’s progress on the ICBM program has outpaced the intelligence 
community’s development time lines by 2 years.* 

Kim Jong-un’s regime followed its successful ICBM launches in July with a mas- 
sive thermonuclear weapon test on September 3. As part of that test, North Korea 
likely succeeded in detonating a nuclear weapon designed to obliterate cities, which 
could be delivered by its long-range missiles.4 The threat we face is acute and grow- 
ing. After years of passivity justified by the mantra of “strategic patience,” the time 
has come for a policy of “maximum pressure” that actually stands a chance of re- 
straining the threat without resorting to war. 


PROLIFERATION CONCERNS ® 


The advances in North Korea’s weapons programs are more concerning when we 
consider that Pyongyang has a proclivity for selling weapons to anyone who will pay 
for them. It has sold items related to nuclear weapons, chemical weapons, and bal- 
listic missiles. Among North Korea’s most troubling relationships are those with 
Tran and Syria. 

Pyongyang and Tehran have a long-standing partnership on missile development, 
including the transfer of ballistic missiles. The relationship was serious enough for 
the Obama administration to sanction Iran just a day after implementation of the 
2015 nuclear deal began. The Treasury Department reported at the time that Ira- 
nian technicians traveled to North Korea to work on rocket boosters and senior offi- 
cials conducted contract negotiations in Pyongyang.® 

North Korea and Iran would both stand to gain by extending their cooperation 
from ballistic missiles to nuclear activities. Pyongyang’s nuclear weapons testing 
has produced useful information that scientists in Iran would be very interested in. 
There have also been unconfirmed reports of Iranian nuclear scientists at North Ko- 
rea’s nuclear tests.7 It is unclear how far along Pyongyang’s uranium enrichment 
program is, but Iran can conduct advanced centrifuge research under the 2015 nu- 
clear deal, whose results could be attractive to North Korea.® As sanctions on Kim’s 
regime start to bite, it could turn to Iran for hard currency in exchange for nuclear 
technology and knowledge. 

Supporters of the Iran nuclear deal are likely to dismiss these concerns out-of- 
hand, saying there is no evidence of Iran-North Korea nuclear cooperation, but pro- 
liferation is hard to detect. One example is North Korea’s construction of a nuclear 
reactor in Syria, located in an area that would later be controlled by the Islamic 
State. The reactor was built with North Korean assistance and had “striking simi- 
larities” to Pyongyang’s plutonium production reactor at Yongbyon.9 


2David Wright, “Reentry Heating from North Korea’s July 4 Missile Test,” Union of Con- 
cerned Scientists, July 7, 2017. (http:/ / allthingsnuclear. org /dwright /july-4- reentry- heating) 

3 Ellen Nakashima, Anna Fifield, and Joby Warrick, ‘North Korea could cross ICBM threshold 
next year, U.S. officials warn in new assessment,” The Washington Post, July 25, 2017. (https:// 
www.washingtonpost.com / world /national- -security /north-korea-could-cross-icbm- threshold-next- 
year-us-officials-warn-in-new-assessment | 2017/07/25 /4107dc4a-70af-11e7-8f39-eeb7d3a2d304- 
__story.html?nid&utm__term=.63b042018d2a) 

4Anna Fifield, “In latest test, North Korea detonates its most powerful nuclear device yet,” 
The Washington Post, September 3, 2017. (https://www.washingtonpost.com /world /north- 
korea-apparently-conducts-another-nuclear-test-south-korea-says / 2017/09 / 03 | 7bce3ff6-905b- 
11e7-8df5-c2e5cf46cle2__ story.html?utm__term=.17217f662896) 

5 Additional North Korea proliferation examples cited in: Anthony Ruggiero, “Restricting 
North Korea’s Access to Finance,” Testimony before House Committee on Financial Services, 
Subcommittee on Monetary Policy and Trade, July 19, 2017. (hitp:/ /www.defenddemocracy.org / 
content /uploads/documents/Anthony__Ruggiero__Testimony _HFSC.pdf) 

6U.S. Department of the Treasury, Press Release, “Treasury Sanctions Those Involved in Bal- 
listic Missile Procurement for Iran,” January 17, 2016. (https:/ /www.treasury.gov / press-center / 
press-releases / Pages / jl0322.aspx) 

7 Jeff Daniels, “North Korea’s ‘No. 2’ official strengthens ties with Iran as U.N. hits Pyongyang 
with new sanctions,” CNBC, August 4, 2017. (hitps:/ /www.cnbc.com/2017/08/04/north-korea- 
officials-visit-to-iran-could-signal-wider-military-ties.html) 

8 Anthony Ruggiero, “Gauging the North Korea-Iran Relationship,” Foundation for Defense of 
Democracies, March 8, 2017. (http://www.defenddemocracy.org /media-hit /anthony-ruggiero- 
gauging-the-north-korea-iran-relationship / ) 

®°Gregory L. Schulte, “Uncovering Syria’s Covert Reactor,” Carnegie Endowment for Inter- 
national Peace, January 2010. (http://carnegieendowment.org/files/schulte__syria.pdf); Robin 
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The lesson North Korea learned from its Syrian adventure was that once the 
United States has committed itself to “engagement,” it loses the will to punish even 
the most blatant disregard for international norms. Even though North Korea built 
the Syrian reactor while at times pretending to engage in serious denuclearization 
talks, the Bush administration went ahead and removed North Korea from the state 
sponsor of terrorism list in 2008. Since North Korea was not punished for con- 
structing a nuclear reactor in Syria, it will likely decide that scientific exchanges 
with Iran or other countries are not likely to be detectable and will not be subject 
to punishment even if they are discovered. 

One should also note that North Korea’s relationship with Syria included the 
transfer of materiel used for chemical weapons, which is especially disturbing given 
the Assad regime’s use of chemical weapons on its own population. In 2009, Greece 
stopped a vessel headed to Syria that was suspected of violating North Korea-re- 
lated U.N. sanctions; authorities found 13,000 chemical protective suits manufac- 
tured in North Korea.!° In 2013, Turkey stopped a vessel that originated in North 
Korea; it was carrying 1,400 rifles and pistols, 30,000 rounds of ammunition, and 
gas masks destined for Syria.1! The United Nations Panel of Experts noted in its 
September 2017 midterm report that it is investigating additional interdictions of 
North Korean-related vessels headed to Syria, as well as continued cooperation be- 
tween Pyongyang and Damascus (including North Korean representatives in Syria), 
and a contract that could include cooperation on chemical weapons, ballistic mis- 
siles, and conventional arms.12 

Another ee of North Korea’s proliferation activities is the role China and Rus- 
sia play in allowing Pyongyang’s proliferation entities to operate in their respective 
countries 11 years after the first U.N. sanctions were passed. Recent examples came 
to light when Treasury in early June sanctioned a Russian company and individual 
for providing supplies to Korea Tangun Trading Corporation and noted the indi- 
vidual is a frequent business partner of Tangun officials in Moscow.!3 Tangun was 
designated by the United States and United Nations in 2009 for its involvement in 
North Korea’s WMD and missile programs. In late August, Russia’s Gefest-M LLC 
and its director were sanctioned for procuring metals for Tangun’s Moscow office.14 

In late August, Treasury sanctioned a Chinese company, Dandong Rich Earth 
Trading Co., Ltd., that purchased vanadium ore from a U.N.- and U.S.-sanctioned 
company, Korea Kumsan Trading Corporation, which is tied directly to North Ko- 
rea’s nuclear weapons program.!° The United Nations prohibited North Korea’s ex- 
ports of vanadium ore in March 2016.16 

These examples highlighting Pyongyang’s provocations extend beyond its nuclear 
weapons and missile tests to continued operations of its proliferation entities and 
transfer of nuclear-, chemical-, and missile-related items. It also underscores why 
we cannot fall back into a period of acceptance of these provocations and must use 
robust, Iran-style sanctions to limit these activities. 


IRAN-STYLE SANCTIONS 


North Korea says it is not interested in denuclearization, and its actions reinforce 
its words. Pyongyang showed us the “Map of Death” in 2013 suggesting its nuclear 
targets are Washington, DC; Hawaii, home to Pacific Command; possibly San Diego, 
home to the Pacific Fleet; and possibly San Antonio, home to U.S. Air Force Cyber 
Command.!’ Just after the July 4 ICBM test, North Korea’s state media said that 


Wright, “N. Koreans Taped At Syrian Reactor,” The Washington Post, April 24, 2008. (http:// 
www.washingtonpost.com /wp-dyn/ content / article /2008 / 04/23 /AR2008042302906.html) 

10 Joseph S. Bermudez Jr., “North Korea’s Chemical Warfare Capabilities,” 38 North, October 
10, 2013. (hitp:/ /www.38north.org / 2013 / 10/jbermudez101013 /) 

11 Barbara Demick, “North Korea tried to ship gas masks to Syria, report says,” The Los Ange- 
les Times, August 27, 2013. (http://articles.latimes.com /2013 /aug/27/world /la-fg-wn-north- 
korea-syria-gas-masks-20130827) 

12United Nations Security Council, “Midterm report of the Panel of Experts established pur- 
suant to resolution 1874 (2009),” September 5, 2017. (http://www.un.org/ga/search/ 
view__doc.asp?symbol=S /2017/742) 

13U.S. Department of the Treasury, Press Release, “Treasury Sanctions Suppliers of North 
Korea’s Nuclear and Weapons Proliferation Programs,” June 1, 2017. (https:// 
www.treasury.gov / press-center / press-releases / Pages /sm0099.aspx) 

14U.S. Department of the Treasury, Press Release, “Treasury Targets Chinese and Russian 
Entities and Individuals Supporting the North Korean Regime,” August 22, 2017. (https:// 
www. pastry Bev /press-center / press-releases / Pages /sm0148.aspx) 

15 Thid. 

16 United Nations Security Council, Resolution 2270, March 2, 2016. (hitp://www.un.org/en/ 
ga/search/view__doc.asp?symbol=S / RES /2270%282016%29) 

17 Jeffrey Lewis, “The Map of Death,” Foreign Policy, April 3, 2013. (http:/ /foreignpolicy.com/ 
2013/04/03 /the-map-of-death /) 
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the Kim regime would not negotiate away its nuclear weapons or ballistic missiles 
or stop bolstering its nuclear force unless the United States ended its “hostile policy 
and nuclear threat” to North Korea.18 Translation: When Washington abandons its 
allies in Tokyo and Seoul and removes all troops, North Korea might be willing to 
talk about its programs. 

Rather than working to overcome Pyongyang’s intransigence, many experts call 
for the acceptance of North Korea as a nuclear weapons state and insist that the 
United States can protect itself with a policy of deterrence.!9 Both nuclear and con- 
ventional deterrence are essential components of a comprehensive U.S. strategy, yet 
are not effective means of exerting pressure on Pyongyang or preventing dangerous 
provocations. Some suggest the United States has successfully deterred Pyongyang, 
since there has been no second Korean War. Nonetheless, North Korea’s reckless be- 
havior in recent years has included sinking the Cheonan, killing over 40 South Ko- 
rean sailors, maintaining a robust relationship with Iran, building a nuclear reactor 
in Syria that Israel destroyed in 2007, and launching ballistic missiles directly over 
Japan. Unfortunately, this is a short list of the limits of deterrence. 

Some experts suggest the policy of deterrence should be complemented by a freeze 
of North Korea’s nuclear weapons and missile programs that will lead to a reduction 
of the threat and roll-back elements of the programs. Pyongyang has a history of 
pocketing the incentives it has been offered in exchange for temporary restraints, 
then violating the deals with great haste. While nominally abiding by the 1994 
Agreed Framework, North Korea developed a covert uranium enrichment program. 
We discussed earlier how Israel destroyed a nuclear reactor in Syria built by North 
Korea during negotiations on its nuclear program. 

The Trump administration is pursuing Iran-style sanctions to force North Korea 
to denuclearize and, absent that result, protect the United States and its allies from 
Pyongyang’s activities. Both critics and supporters of the 2015 nuclear deal agree 
that sanctions were the main driver that brought Iran to the negotiating table. Last 
month I testified before the Senate Committee on Banking, Housing, and Urban Af- 
fairs, noting that before Congress passed the first North Korea sanctions law, sanc- 
tions against North Korea were not strong or well-enforced. Despite the misconcep- 
tion that North Korea is already the most-sanctioned country in the world, FDD’s 
research shows that Pyongyang was the eighth most-sanctioned country in February 
2016 and has moved up to fourth behind Ukraine/Russia, Syria, and Iran.2° 

The key aspect of the Iran sanctions model was that it forced companies, individ- 
uals, banks, and governments in the United States and abroad to make a choice: 
Stop doing business with Iran, or lose access to the U.S. dollar and risk the United 
States freezing their assets and labeling them as doing business with a state spon- 
sor of terrorism intent on developing a nuclear weapon. The approach worked. 
Around the world, banks, and companies—and eventually governments—curtailed 
or eliminated business with Iran.2! 

Executive Order 13810, issued last month, is the latest in the Trump administra- 
tion’s efforts to clarify the choice for countries: Do business with North Korea or the 
United States, it cannot be both.22 The approach combines diplomatic efforts to con- 
vince countries to cut ties with North Korea supported by the threat of losing access 
to the U.S. financial system. Those efforts are beginning to work as countries are 


18“Kim Jong-un Supervises Test-launch of Inter-continental Ballistic Rocket Hwasong—14,” 
Korean Central News Agency (North Korea), July 5, 2017. (hitps:/ /kcnawatch.co/newstream / 
276945 /kim-jong-un-supervises-test-launch-of-inter-continental-ballistic-rocket-hwasong-14 /) 

19 Jimmy Carter, “Jimmy Carter: What I’ve learned from North Korea’s leaders,” The Wash- 
ington Post, October 4, 2017. (hitps:/ /www.washingtonpost.com /opinions /jimmy-carter-what- 
ive-learned-from-north-koreas-leaders / 2017 / 10 /04/a2851a9e-a7bb-11e7-850e-2bdd1236be5d__- 
story.html?utm__term=.e5801c8b4261), Fareed Zakaria, “There’s a way out on North Korea,” The 
Washington Post, September 28, 2017. (https:/ /www.washingtonpost.com / opinions /theres-a- 
way-out-on-north-korea / 2017/09/28 | 4382dfc4-a48a-11e7-b14f-f41773cd5al4__story.html?- 
utm_term=.c0c3153afcc8); William J. Perry, “To confront North Korea, talk first and get tough 
later,” The Washington Post, January 6, 2017. (https://www.washingtonpost.com / opinions /to- 
confront-north-korea-talk-first-and-get-tough-later / 2017/01/06 /9334aee4-d451-11e6-9cb0- 
54ab630851e8 _ story.html?utm__term=.68cb376d8927) 

20 Anthony Ruggiero, “Evaluating Sanctions Enforcement and Policy Options on North Korea,” 
Testimony before Senate Committee on Banking, Housing, and Urban Affairs, September 7, 
2017. (http:/ /www.defenddemocracy.org / content / uploads /documents/09-07-17__AR_Senate_- 
Banking _Testimony-1.pdf) 

21 Paul Sonne and Felicia Schwartz, “U.S. Pressure on North Korea’s Global Ties Bears Fruit,” 
The Wall Street Journal, October 8, 2017. (htips://www.wsj.com/articles /State-department- 
pressure-on-north-koreas-global-ties-bears-fruit-1507492004) 

22 Executive Order 13810, “Imposing Additional Sanctions With Respect to North Korea,” Sep- 
tember 20, 2017. (https://www.treasury.gov /resource-center / sanctions / Programs /Documents / 
13810.pdf) 
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choosing America’s $19-trillion economy. The Wall Street Journal reported that a 
year-long effort by the State Department resulted in over 20 countries cutting off 
diplomatic or commercial relationships with North Korea. 

China will play a large role in an effective, Iran-style sanctions regime against 
North Korea, given Beijing’s robust economic relationship with Pyongyang. Over the 
last decade, Republican and Democratic presidents have pressed China’s leadership 
to implement tough sanctions against North Korea, hoping the approach would be 
effective. But Beijing continued to vote for tough U.N. sanctions it has not imple- 
mented, and allowed its firms, individuals, and banks to facilitate North Korea’s 
sanctions evasion. 

The Trump administration has started to address the problem directly by tar- 
geting Chinese banks that process financial transactions through the U.S. financial 
system on behalf of North Korea and Chinese networks that profit from facilitating 
North Korea’s sanctions evasion. In particular, the Trump administration has used 
the Justice and Treasury Departments to sanction a Chinese bank, individuals, and 
firms; request that Federal courts return assets illegally processed through the U.S. 
financial system; and request additional fines.2* 

In late September, Treasury sanctioned 26 North Korean banking representatives, 
including 19 in China; a clear message to Beijing and its banks that it must clean 
up its act or face consequences.24 Chinese leadership has responded to this pressure 
with the People’s Bank of China, its central bank, issuing a directive mandating 
banks stop transactions with North Koreans.?° 

But Beijing must do more to ensure North Korea cannot use China as a hub for 
its sanctions evasion. Chinese banks should increase scrutiny of financial and com- 
mercial relationships to identify and stop transactions with North Korea. Chinese 
banks have the financial resources to do it, but the Trump administration likely will 
need to sanction additional Chinese banks to reinforce the message, starting with 
fines similar to the approach against European banks for Iran sanctions violations. 


DHS ROLE IN SANCTIONS 


In prior testimonies, I detailed flaws in the current sanctions regime, including 
not prioritizing the North Korea sanctions program and the need to focus on 
Pyongyang’s overseas business network and non-North Koreans facilitating sanc- 
tions evasion.2® North Korea’s shipping network plays a crucial role in Pyongyang’s 
sanctions evasion, including the prohibited transfer of commodities. 


23 Six actions against China show a developing pattern: 1) May 22: damming warrants against 
Dandong Zhicheng network requiring eight U.S. banks to freeze U.S. dollar transactions; 2) 
June 14: asset forfeiture request for $19 million from Mingzheng; 3) June 29: declaring a Chi- 
nese bank (Bank of Dandong) a money launderer for North Korea; 4) June 29: designation of 
two Chinese individuals and entity; 5) August 22: designation of five Chinese firms and one indi- 
vidual, including Dandong Zhicheng network; and 6) August 22: asset forfeiture request from 
the Dandong Zhicheng network. United States of America v. All Wire Transactions Involving 
Dandong Zhicheng Metallic Material Company, LTD., et. al. (D.D.C. filed May 22, 2017). 
(Attp:/ /www.ded.uscourts.gov / sites | ded / files |BAHMemoandOrder.pdf), United States of Amer- 
ica v. Funds Associated with Mingzheng International Trading Limited, No. 1:17-cv-01166-KBJ 
(D.D.C. June 14, 2017). (Accessed via PACER); Proposal of Special Measure Against Bank of 
Dandong as a Financial Institution of Primary Money Laundering Concern, U.S. Department 
of the Treasury, Financial Crimes Enforcement Network, 82 Federal Register 31537, July 7, 
2017. (https:/ /www.fincen.gov / sites / default /files /Federal |_register__notices/2017-07- 67/2017. 
14026.pdf); U.S. Department of the Treasury, Press Release, “Treasury Acts to Increase Eco- 
nomic Pressure on North Korea and Protect the U.S. Financial System,” June 29, 2017. 
(htips:/ /www.treasury.gov / press-center /press-releases / Pages /sm0118.aspx); U.S. Department of 
the Treasury, Press Release, “Treasury Targets Chinese and Russian Entities and Individuals 
Supporting the North Korean Regime,” August 22, 2017. (https:/ /www.treasury.gov /press-cen- 
ter / press-releases / Pages /sm0148.aspx); United States of America v. Funds Associated with 
eid Chengtai Trading Limited, No. 1:17-cv-01706 (D.D.C. August 22, 2017). (Accessed via 
PACER) 

24U.S. Department of the Treasury, Press Release, “Treasury Sanctions Banks and Represent- 
atives Linked to North Korean Financial Networks,” September 26, 2017. (https:// 
www.treasury.gov / press-center / press-releases / Pages /sm0165.aspx) 
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The Countering America’s Adversaries Through Sanctions Act (CAASA) contains 
several provisions for the Department of Homeland Security that will highlight the 
role of North Korean vessels in illicit transfers and the role of countries that facili- 
tate these transfers.27 

CAASA amends the Ports and Waterways Safety Act by requiring the Secretary 
of Homeland Security to publish a list of vessels “owned or operated by or on behalf 
of the Government of North Korea or a North Korean person.”28 Even though Treas- 
ury’s Office of Foreign Assets Control currently lists only 40 vessels as blocked prop- 
erty of North Korean-designated persons, FDD research indicates that more than 
140 could be linked to North Korea. The Department of Homeland Security, in con- 
sultation with other relevant agencies, should take an expansive view of the legal 
requirement to name North Korean-linked vessels, including those owned and/or 
managed by non-North Korean front companies. Pyongyang has extensive experi- 
ence hiding its involvement in the commercial and financial sectors, a practice that 
likely extends to the shipping sector. 

The law requires the list to contain vessels owned by countries: (1) Whose sea 
ports are not implementing U.N. shipping sanctions or facilitate the transfer of 
cargo prohibited by the United Nations; and (2) are identified by the president as 
not complying with applicable U.N. sanctions.29 This provision will be crucial, as 
China and Russia have allowed North Korean-linked vessels to continue to transfer 
prohibited materials. Beijing and Moscow will need to increase their inspection of 
North Korea-linked vessels to ensure compliance with U.N. shipping sanctions, in- 
cluding verifying Pyongyang is not importing or exporting prohibited materiel or 
commodities. Treasury Assistant Secretary Marshall Billingslea highlighted this 
challenge in testimony on September 12 before the House Foreign Affairs Com- 
mittee. Billingslea noted that North Korean vessels transferred North Korean coal 
to China after turning off its vessel identification systems, a highly suspicious ac- 
tion. North Korean vessels have also used Russian ports to transfer North Korean 
coal between vessels to further obscure its shipment to China.° 

The Department of Homeland Security and other elements of the U.S. Govern- 
ment must focus on the activities of North Korean-linked vessels, including increas- 
ing the number of entities and individuals sanctioned in North Korea’s shipping sec- 
tor, compiling a complete listing of vessels linked to North Korea, and naming ports 
in China and Russia that facilitate North Korea’s sanctions evasion. The urgency 
of the threat calls for the Department to take these actions before the 180-day pe- 
riod granted by CAASA has elapsed. 


CONCLUSION 


North Korea’s nuclear weapons and missile programs are a threat to the U.S. 
homeland and our allies. There are two policy options: One accepts this dangerous 
situation as reality under the false premise that North Korea’s provocations can be 
contained or deterred. The other path was successful in bringing Iran to the negoti- 
ating table with crushing sanctions that could force the Kim regime to realize the 
futility of continuing its nuclear weapons and missile programs. The only peaceful 
way to protect the U.S. homeland is to ensure Kim Jong-un feels the full weight 
of sanctions implemented by the United States and our allies. 

On behalf of the Foundation for Defense of Democracies, I thank you again for 
inviting me to testify and I look forward to addressing your questions. 


Mr. PERRY. The Chair thanks the gentleman. 
The Chair now recognizes Mr. Terrell for an opening statement. 


STATEMENT OF PATRICK R. TERRELL, SENIOR RESEARCH 
FELLOW, CENTER FOR THE STUDY OF WEAPONS OF MASS 
DESTRUCTION, NATIONAL DEFENSE UNIVERSITY 


Mr. TERRELL. Chairman Perry, Ranking Member Correa, distin- 
guished Members of the subcommittee, it is my honor today to tes- 


27Countering America’s Adversaries Through Sanctions Act, 115 U.S.C. (hAttps:// 
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Testimony before House Foreign Affairs Committee, September 12, 2017. (http:/ 7 
docs.house.gov / meetings / FA/FA00/20170912/ 106389 /HHRG-115-FA00-WState- -BillingsleaM- 
20170912.pdf) 


20 


tify on the North Korean WMD threats to the homeland. The views 
expressed in this testimony are my own and do not reflect those of 
the National Defense University or the Department of Defense. 

We do not yet face a clear and present existential threat to the 
American homeland from North Korea, but it is getting closer each 
day. The threat will be very real very shortly, but it is nevertheless 
potentially manageable. 

Today, North Korea possesses nuclear, chemical, and potentially 
biological weapons that can be unleashed directly or through others 
against U.S. vital interests abroad and in the homeland. 

Under Kim Jong-il and Kim Jong-un—or Kim I]-sung and Kim 
Jong-il, nuclear weapons development progressed at a steady pace, 
a very deliberate pace. With Kim Jong-un, we have seen this ex- 
treme increase in pace of intermediate and intercontinental bal- 
listic missile testing and nuclear weapons testing, to include the 
most recent one in September. This acceleration has North Korea 
on the verge of a functional road-mobile ICBM capable of delivering 
nuclear weapons to the continental United States. 

While questions remain about the overall trajectory of the pro- 
gram, North Korea could have, by some estimates, enough fissile 
material for up to 60 nuclear weapons. Not all of those will be their 
most sophisticated design, but they could still be employed. What- 
ever miniaturized warheads they have managed to manufacture to 
this point could be used against Guam and the continental United 
States. While the reliability, accuracy, and survivability is ques- 
tionable, we should expect that North Korea could endeavor to use 
these weapons in a time of crisis. 

Additionally, North Korea maintains a large stockpile of chemical 
warfare agents, probably mostly consisting of blister and nerve 
agents which, while intended for warfighting, the Korean geog- 
raphy supports strategic employment against the 25 million people 
living in the greater Seoul metropolitan area, which would almost 
assuredly result in exposure to some of the 140,000 American citi- 
zens living in South Korea, and raise the potential for the need of 
returned chemical casualties to United States for long-term care. 

The assassination of Kim Jong-nam with VX in Kuala Lumpur 
this February demonstrated North Korea’s ability to transport and 
use chemical weapons overseas. While we know far less about their 
biological weapons program, it is believed that given the infrastruc- 
ture that they possess within North Korea, they can conduct re- 
search and development and possibly produce small batches of bio- 
logical agents. 

North Korea’s long history of shipping conventional arms, drugs, 
and counterfeit money could facilitate attempts to move chemical 
or biological weapons into the U.S. homeland for attack. While not 
on the scale achievable in South Korea, they could be impactful 
enough to foment fear. While no one has clear insights into Kim 
Jong-un’s thinking, we can surmise he has two primary objectives: 
His personal survival and the continued existence of a Kim-led re- 
gime. To that end, watching Iraq and Libya could reinforce his be- 
lief that he is more likely to remain in power by demonstrating a 
credible operational WMD capability intended to deter attack on 
the Korean peninsula. 
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We also know North Korea remains intent on breaking our alli- 
ance system in Asia, and believes that threats to the homeland will 
cause United States to abandon South Korea and Japan during a 
time of crisis. We also know that both Kim Jong-un and his father 
believed they could manage provocations in the escalation, and that 
by possessing a nuclear weapon, he believes that the U.S. threshold 
for war may be heightened, allowing him to be more provocative 
and belligerent. 

So what can we do about this? The pressure campaign must re- 
main global. We must strengthen our homeland and develop a 
modern approach to deterrence. Regional economic links and mili- 
tary posture are essential to demonstrating U.S. presence as a 
transpacific leader. Financial diplomatic and informational pres- 
sures in other regions of the world must be applied to cut off poten- 
tial trading partners. 

Next, the United States must protect all of our territory from 
North Korean attacks and respond should one occur. Many of the 
actions the Department of Defense, Department of Homeland Secu- 
rity, and others have taken to prepare for WMD attack by terror- 
ists would also apply to North Korean attacks against the home- 
land. We must enhance our nuclear preparedness to include plan- 
ning for and exercising responses to large-scale attacks, perhaps 
with multiple nuclear weapons. 

I am not sure we have fully grasped how difficult the logistics 
and coordination will be for immediate life-saving actions, short- 
term relief efforts, and long-term rebuilding following multiple nu- 
clear detonations, particularly if one is 2,500 miles away in Hawaii 
or over 6,000 miles away in Guam. 

Finally, we need to tailor a deterrent approach for the unique 
challenge of North Korea. Kim Jong-un must understand that any 
conflict with the United States will end his regime and he will be 
denied the effects he is seeking to achieve. He should see how his 
nuclear threats strengthen our alliance. Resolve is demonstrated 
not by words, but by deeds: Proper resourcing, training, and exer- 
cising of our response forces; demonstrating our ballistic missile de- 
fenses; hardening our critical infrastructure against attack; and 
possessing a ready, reliable, and survivable nuclear triad. 

Again, thank you for this opportunity, and I look forward to your 
questions. 

[The prepared statement of Mr. Terrell follows:] 


PREPARED STATEMENT OF PATRICK R. TERRELL 


OCTOBER 12, 2017 


Chairman Perry, Ranking Member Correa, and distinguished Members of the sub- 
committee: It is my honor to testify on the weapons of mass destruction threat posed 
to the United States by North Korea. The views expressed in this testimony are my 
own and do not reflect those of the National Defense University or the Department 
of Defense. 

As to the seriousness of the dangers posed by the North Korean WMD arsenal 
to the U.S. homeland I would say, “We do not yet face a clear and present existen- 
tial threat to the American homeland, but we are getting closer each day. The 
threat will be very real very shortly—but it is nevertheless potentially manageable 
if we take the appropriate steps.” 

North Korea is not a new threat that has suddenly developed; the United States 
has been dealing with North Korea for 67 years. For most of that time, the chal- 
lenges posed by North Korea remained isolated to the Korean peninsula and north- 
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east Asia. Then particularly after the fall of the Soviet Union, North Korean arms 
sales particularly in the Middle East and African turned them into a global pro- 
liferation concern aiding other rogue regimes, such as Syria and Iran. With respect 
to North Korean WMD development, the North Korean leadership has long recog- 
nized the conventional military advantage the United States-Republic of Korea alli- 
ance maintains on the land, in the sea, and in the air. Therefore, Kim I]-Sung 
looked to develop asymmetric advantages, first through the development of chemical 
and possibly biological weapons, and subsequently through its extensive nuclear and 
missile programs. 


NUCLEAR 


Over the past 40 years, North Korea has invested heavily in the development of 
ballistic missiles and nuclear weapons as a strategic capability. Additionally, the 
ballistic missile program provides real warfighting capabilities and a commodity 
that generates income for the State and the nuclear weapons program through sales 
to a myriad of countries to include Syria and Iran. 

In May 2016, Kim Jong-un established the nuclear weapons program and eco- 
nomic growth as the two pillars of North Korean strength.1 Under Kim Jong-un’s 
leadership, North Korea’s intermediate range ballistic missiles (IRBM) and inter- 
continental ballistic missile (ICBM) testing has increased in frequency and success. 
While it may seem like a normal action for a nation to “develop, test, verify, and 
then field” a missile program, it is a shift for North Korea, which had previously 
fielded entire systems with little or no testing. Such a shift marks a change from 
North Korea being concerned about the appearance of its missile programs to being 
concerned about its efficacy of its missiles. The takeaway from the 77 tests since 
January 2014 (compared to 36 in the preceding 29 years) is that Kim Jong-un, un- 
like his father, has not been afraid to fail, sometimes even catastrophically, which 
has been the key to learning and advancement in the missile program in order to 
reach key operational thresholds.?2 

For many years under Kim Il-sung and Kim Jong-il, the nuclear weapons develop- 
ment process moved along at a deliberate pace. This offered opportunities for the 
United States to attempt to negotiate a halt to its progress through trade-offs and 
incentives. The nuclear tests in 2006 and 2009 acted as an inflection point in the 
international community’s efforts to halt the nuclear program. Since Kim Jong-un 
has taken power, North Korea has conducted four tests, with the September 3, 2017 
test having a yield of roughly 140 kilotons, or nearly ten times larger than the bomb 
dropped on Hiroshima.# 

These recent and successful ballistic missile and nuclear weapons tests suggest 
that North Korea is close to completing the development of a functional road-mobile 
ICBM capable of delivering a nuclear warhead to the continental United States. 
There are still several questions about the program ranging from “how many ICBMs 
does Kim Jong-un plan to build”, to “how will North Korea control and safeguard 
the arsenal”, and “will North Korean behavior change”. We should remember that 
North Korea has been working at this for quite some time and while estimates 
range from 10 to 12 weapons to 30 to 60 weapon, the important point is Kim Jong- 
un is beyond having a weapon he can brandish, but now has a growing stockpile 
and he will develop a doctrine to employ it.4® Not all weapons will use their most 
sophisticated designs, but it is almost a certainty that, if it chooses, North Korea 
can employ nuclear weapons today. This use could take multiple forms, such as de- 
fensively within North Korea or on short-range missiles against targets in South 
Korea or Japan or by cargo ship or plane to other locations within the surrounding 
region. North Korea could use whatever miniaturized warheads they have on inter- 
mediate range Hwasong—12 IRBMs capable of reaching Guam or on Hwasong—14 
ICBMs capable of reaching the Continental United States. While the reliability, ac- 
curacy, and survivability upon reentry of the fully-mated system is questionable, 


1 James Pearson, “North Korea Leader Kim Sets Five-Year Economic Plan, Vows Nuclear Re- 
straint,” Reuters, May 8, 2016, Attp://www.reuters.com/article /us-northkorea-congress- 
idUSKCNOXYOQB. 

2Nuclear Threat Initiative, The North Korean Missile Test Tracker, http://www.nti.org/ 
analysis / articles /cns-north-korea-missile-test-database/, accessed October 10, 2017. 

3 Panda, Ankit, “US Intelligence: North Korea’s Sixth Test Was a 140 Kiloton ‘Advanced Nu- 
clear’ Device”, The Diplomat, September 6, 2017, https:/ /thediplomat.com / 2017/09 /us-intel- 
ligence-north- horeas-sixth-test-was-a-140-kiloton-advanced-nuclear-device / 

4Deb Riechmann and Matthew Pennington, “Here’s Why It’s Hard to Pin Down the Actual 
Size of North Korea’s Nuclear Arsenal”, Time, August 18, 2017, http://time.com/4906219/ 
north-korea-nuclear-weapons-how-many /. 

5 Shane Smith, “North Korea’s Nuclear Futures Series: North Korea’s Evolving Nuclear Strat- 
egy”, AUGUST 2015, http:/ /www.38north.org / 2015/08 / nukefuture082415/. 
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North Korea could still mount and attempt to deliver such munitions in times of 
crisis. 


CHEMICAL 


North Korea maintains a large, operationally-ready stockpile of persistent and 
non-persistent chemical warfare agents capable of delivery via artillery, rockets, 
missiles, and aerial bombs. The program probably consists of the traditional chem- 
ical warfare agents mustard, lewisite, and both G-series and V-series nerve agents 
and fits the profile of a warfighting chemical weapons program intended for defen- 
sive and offensive employment along the demilitarized zone and against U.S. and 
ROK airbases and seaports to halt or slow down the flow of reinforcements and lo- 
gistics.° 7 The geography of the Korean peninsula allows for a strategic employment 
of chemical weapons against unprotected civilians by long-range artillery in the 
Kaesong Heights against the 25 million people in Seoul and by ballistic missiles fur- 
ther north against other South Korean cities, such as Busan. This type of chemical 
weapons use by North Korea during a conflict in Northeast Asia would almost as- 
suredly result in casualties to some of the 140,000 American citizens living in the 
Republic of Korea. These casualties would be not only U.S. Service Members, but 
also family members, Americans working abroad and traveling as tourists. The total 
number of civilians the United States could be required to evacuate could swell to 
230,000, with some being potentially chemical casualties requiring transportation to 
the United States for long-term care. While the military would do everything pos- 
sible to prevent the unintentional transfer of contaminated materials to the United 
States, there will be a need for close coordination with Customs and Border Protec- 
tion, the Environmental Protection Agency, and State regulators. 

Of particular interest to the Departments of Homeland Security, Commerce, 
State, and Justice is the latest development regarding North Korea’s chemical weap- 
ons program—and most brazen proof of the program’s existence: The use of VX 
nerve agent to assassinate Kim Jong-nam in Kuala Lumpur, Malaysia on February 
13, 2017. This attack indicates a willingness to use chemical weapons in unconven- 
tional ways and an ability to transport chemical agents across borders without being 
caught.8 North Korea has a long-established history of using front companies and 
their embassies to proliferate conventional arms, drugs, and counterfeit money. 
North Korea could use these same connections to transport chemical weapons 
through the Middle East, Africa, or South America to agents in the U.S. homeland 
or to sell chemical weapons to violent extremists who could then attack American 
interests globally. While North Korea’s goal presumably would be to achieve a great- 
er impact than a single assassination, they would not be able to achieve an attack 
in any way close to the scale of massed artillery fire into Seoul; however, they could 
still disrupt daily American life, and create mass panic and fear. 


BIOLOGICAL 


We know far less about North Korea’s biological weapons program. Even though 
it is a member of the Biological and Toxins Weapons Convention, it is believed to 
maintain the ability to conduct research and possibly produce some small amounts 
of biological agents.9 Attempts by North Korea to smuggle biological agents into the 
United States would be challenging. Unlike chemical weapons, where the chief con- 
cern of the smuggler is with the shipping container breaking or leaking, with bio- 
logical pathogens the virus or bacteria must be kept alive during transportation. A 
viable biological agent dissemination method must also be available. Biological 
agents, particularly toxins, have proven useful in assassinations, but to date they 
have not proven to be effective, nor necessarily sought after, for large-scale attacks. 


NORTH KOREAN RATIONALE FOR WMD 


When considering the threat posed, it is important to understand why North 
Korea believes they need weapons of mass destruction. While no one possess reliable 
insight into what or how Kim Jong-un thinks, we can reasonably surmise that his 


6“North Korea: Chemical Program,” Nuclear Threat Initiative, Last modified December 2015, 
http:/ /www.nti.org /learn/countries /north-korea / chemical /. 

7Emma Chanlett-Avery et. al, “North Korea: U.S. Relations, Nuclear Diplomacy, and Internal 
Situation,” Congressional Research Service, January 15, 2016, pg. 13. 

8Executive Council Decision (EC—84/DEC.8), Organization for the Prohibition of Chemical 
Weapons (OPCW), March 9, 2017, hAttps://www.opcew.org /fileadmin/OPCW/EC/84/en/ 
ec84dec08_e_.pdf. 

®North Korea: Biological Program, Nuclear Threat Initiative, December 2015, http:// 
www.nti.org /learn / countries /north-korea / biological /. 
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primary objective remains—and will remain—his personal survival and the contin- 
ued existence of a Kim-led regime. To that end, watching the demise of Saddam 
Hussain and Muammar Gaddafi could have led him to believe that he is more likely 
to remain in power by retaining an operational nuclear and chemical weapons capa- 
bility to deter attack by the Republic of Korea and the United States. In order for 
North Korea to establish a deterrent, it must demonstrate a credible capability con- 
sisting of accurate and reliable missiles fitted with functional nuclear warheads. In 
the North Korean view, the fielding of this capability will change past rhetoric about 
attacking the United States into a real deterrent message. Therefore, we should not 
expect Kim Jong-un to halt his development until he feels he has adequate weapons 
systems to impose enough cost on the United States that we will not attempt a re- 
gime change. Since this is all about his perception of a U.S. threshold, he may have 
no realistic view of what size arsenal he needs. Therefore, it is difficult to predict 
how many nuclear weapons North Korea could eventually possess. 

Next, we know North Korea is intent on decoupling the United States from the 
Republic of Korea and ultimately breaking the U.S.-ROK alliance. Kim Jong-un like- 
ly believes that by placing our homeland at risk, the United States will abandon 
South Korea should a conflict arise, or at least be too pre-occupied with homeland 
defense to adequately reinforce the Korean peninsula. To support this effort, North 
Korea has released propaganda videos showing attacks against major U.S. cities and 
key military bases. They understand the military utility in preventing U.S. forces 
from reaching Korea and they believe that the U.S. Government is unwilling to 
trade Los Angeles or Seattle for Seoul. While there have been countless heinous acts 
committed by the Kim dynasty, in retrospect its foreign policy over the past 20 
years has proven to have a certain rationality. Kim Jong-il used provocations to gar- 
ner international assistance and Kim Jong-un uses provocations to shore up domes- 
tic support. Both father and son believed they could manage the level of escalation 
and end the provocation cycle before crossing a threshold that would lead to war. 
From Kim Jong-un’s perspective, he may believe possessing nuclear weapons raises 
the U.S. threshold for war and allows him political space to engage in greater pro- 
vocative actions in the region. Therefore, it is very possible that the United States 
will face an even more emboldened and belligerent North Korea. 

Given these assumptions on North Korea’s strategic aims and views on provo- 
cations, the challenge becomes, “What will lead to North Korean WMD employment 
and what does this mean for homeland security? Will Kim Jong-un only use nuclear 
weapons in a first strike and if so what indications will we have that he is planning 
an attack? What will be Kim Jong-un’s priority targets for nuclear weapons employ- 
nee Aspects of these answers are tied to how the United States reacts to the 
threat. 


SO WHAT CAN THE UNITED STATES DO? 


The U.S. approach must be multi-faceted and include global isolation of North 
Korea, a strengthened homeland, and a modern approach to deterrence. Beginning 
overseas, the United States economic links and military posture are essential to 
demonstrate to North Korea and our allies U.S. permanency as a trans-Pacific lead- 
er. While sanctions against North Korean elites are important to raising pressure 
inside Pyongyang, financial, diplomatic, and informational pressure must be applied 
to cut off potential licit and illicit trading partners around the world. The Kim re- 
gime provides ample evidence that the United States can use to influence all legiti- 
mate governments or businesses to choose to forego any commercial or political sup- 
port of North Korea. 

Next, the United States must be prepared to protect all of our territory from a 
North Korean attack and respond should one occur. Ballistic missile defense is an 
important part of our overall strategy as it provides a layer of protection, but as 
with any shield, it is not perfect. The technological challenges associated with shoot- 
ing down missiles in flight and the shear scope of trying to stay ahead of a rapidly- 
growing threat are enormous. This is an area that I know garners a lot of attention 
in both the House and Senate and I admit to not being an expert in this field, so 
I encourage you to meet with the right experts on what more can or should be done. 

Many of the actions the United States has taken domestically to prepare for the 
risks associated with a terrorist chemical or biological weapons attack would also 
help in the event of a covert attack by North Korea. However, we should continue 
to review and enhance our nuclear preparedness posture. For instance, our current 
preparedness planning assumes single small-scale terrorist devices; we should plan 
for and exercise responses to larger-scale attacks, perhaps with multiple nuclear 
weapons, that would quickly overwhelm our ability to manage the consequences of 
such a campaign. We saw how difficult it was to respond to the three hurricanes 
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that recently struck U.S. territory only weeks apart. While it is easy to say, “Amer- 
ica can do anything”, I am not sure we have really grasped how difficult it would 
be to deal with three nuclear detonations on the homeland. This response would re- 
quire a level of Federal, State, and local coordination never seen before. A different 
yet equally difficult response would be an attack against Guam or Hawaii. Re- 
sponses to either of these islands would require immediate life-saving actions, short- 
term relief efforts and long-term rebuilding. All three of those areas can easily be 
crippled by the realities of time, distance, and the limitation of moving most logis- 
tics by ship. 

As with past and current deterrence challenges, such as with the Soviet Union 
during the cold war and Russia and China today, the United States should take this 
threat seriously, but not overreact. We have to tailor our deterrent approach to the 
unique challenge North Korea poses with nuclear, chemical, and potentially biologi- 
cal weapons programs capable of being employed against U.S. vital interests both 
abroad and in the homeland. Global isolation, ballistic missile defense, and domestic 
preparedness are all vital to deterring North Korea. Kim Jong-un must understand 
that any conflict with the United States or our allies will cost him the things he 
holds most valuable and that the United States will deny him the effects he seeks 
to achieve. Rather than seeing nuclear threats against the United States as a means 
to separate our alliances, he should see how it strengthens our alliances and our 
resolve. Such resolve is demonstrated not with words, but by deeds: Proper 
resourcing, training, and exercising of our response force; exercising our local, State, 
and National response frameworks; demonstrating our ballistic missile defenses; en- 
suring that our critical infrastructure is hardened against the effects of a nuclear 
attack; and finally possessing a ready, reliable, and survivable nuclear triad. 

Chairman Duncan, Ranking Member Correa, thank you for the opportunity to 
share my views with the subcommittee and I look forward to your questions. 


Mr. PERRY. The Chair thanks Mr. Terrell. 
The Chair now recognizes Mr. Greene for an opening statement. 


STATEMENT OF JEFF GREENE, SENIOR DIRECTOR, GLOBAL 
GOVERNMENT AFFAIRS AND POLICY, SYMANTEC CORPORA- 
TION 


Mr. GREENE. Chairman Perry, Ranking Member Correa, thank 
you for the opportunity to be here today. 

We have been tracking the Lazarus Group, which the U.S. Gov- 
ernment has linked to North Korea for over 5 years, and have 
watched as their targets have evolved and their technical skills 
have improved. Lazarus is different from other attack groups that 
have been linked to nation-states in several ways. 

First, their attacks are unusual both in the breadth of their tar- 
gets and in the goals of the attack itself. Second, Lazarus shows 
little hesitation to engage in activity that other groups might take 
pause. Finally, Lazarus targets a variety of disparate industries, 
many simultaneously, and is very quick to move from target to tar- 
get. Their technical capabilities have improved dramatically over 
the past few years, and we view them as above average in overall 
capability and actually expert in some areas. In particular, their 
skill to conducting reconnoissance operations, and the quality of 
the malware that they developed has improved dramatically in the 
past few years. 

The combination of this increased quality malware and new steps 
they have been taking in operational security will likely make it 
harder in the future to connect operations back to Lazarus. 

In other areas, though, Lazarus has made fairly simple mistakes 
that have at times hampered their ability to complete an operation. 
These are usually, however, relatively basic, and we don’t expect to 
see them making the mistakes in the future, given their dem- 
onstrated adaptability. 
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They have been connected to attacks in a wide variety of sectors 
from the entertainment industry, to critical infrastructure, to Gov- 
ernment systems, to the financial sector and to the defense base. 
Unlike other groups that have been publicly connected to nation- 
states, Lazarus has attacked individual internet users en masse. 
Their methods run the gamut, and includes denial-of-service, high- 
ly targeted and sophisticated intrusions, destructive attacks, and 
the use of ransomware. 

You both mentioned in your opening statement the theft of $81 
million dollars from the Bangladesh Central Bank in 2016, but that 
is only part of the story. They actually targeted as much as a bil- 
lion dollars, and but for a fairly simple mistake might have gotten 
away with it. They exploited weaknesses in the bank’s security to 
infiltrate the network and steal credentials and then initiated 
fraudulent transfers. This was a well-planned and sophisticated at- 
tack. 

To cover their tracks, they installed malware, which printed doc- 
tored confirmation receipts, so the folks in Bangladesh didn’t know 
what was going on. The fraud was detected because they actually 
misspelled the names of the recipients of one of the fraudulent 
transfers, which led to inquiries. 

Another Lazarus connected attack is the WannaCry ransomware 
outbreak that happened in May. This was fairly significant. Within 
the first hours, the National Health Service in the United Kingdom 
was taken down and the Spanish telecom provider Telefonica was 
impacted. WannaCry itself was unique and dangerous because it 
propagated autonomously. It was the first ransomware as a worm 
that has had global impact. 

But while WannaCry was very good at infecting computers and 
encrypting data, it was really bad at collecting ransom. Because of 
some fairly simple coding errors, the attackers as yet do not appear 
to have actually collected the ransom that was paid by some of the 
victims. 

Finally, you both mentioned, I believe, the Sony attack. This is 
probably the best-known Lazarus incident out there. It was late 
2014, they were hit with malware that disabled networks, de- 
stroyed data, and stole emails. Most of the media attention after 
this was focused on the salaries of respective movie stars and other 
salacious details. But from a cybersecurity standpoint, the big story 
here was the permanent destruction in the United States of a sig- 
nificant number of computers and servers. By one report, the at- 
tack impacted as much as three-quarters of Sony’s systems in Sony 
Pictures’ headquarters. The FBI, as you probably know, and the 
DNI attributed this attack to the North Korean government. Our 
technical analysis has linked Sony to numerous other attacks, in- 
cluding the Bangladesh bank heist, WannaCry ransomware, Dark 
Soul, which was destructive attacks in Korea in 2011, the Polish 
bank heist that Mr. Cilluffo mentioned. 

In sum, Lazarus is an aggressive and increasingly sophisticated 
attack group that has a demonstrated willingness to disrupt net- 
works, steal money, and destroy computers and data. Unlike other 
major attack groups, which typically focus on one sector or even 
one industry, Lazarus has shown no such limitations. As a result, 
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everyone has to assume that they could be a target of Lazarus and 
prepare accordingly. 

Thank you for the opportunity to be here, and I am happy to 
take any questions. 

[The prepared statement of Mr. Greene follows:] 


PREPARED STATEMENT OF JEFF GREENE 


OCTOBER 12, 2017 


Chairman Perry, Chairman McCaul, Ranking Member Correa, Ranking Member 
Thompson, my name is Jeff Greene and I am the senior director, global government 
affairs and policy at Symantec. I am responsible for Symantec’s global public policy 
agenda and government engagement strategy, and represent the company in key 
public policy initiatives and partnerships. I also serve as a member of the National 
Institute of Standards and Technology’s (NIST) Information Security and Privacy 
Advisory Board (ISPAB), and recently supported the President’s Commission on En- 
hancing National Cybersecurity. I have worked on the House and Senate Homeland 
Security Committees, and immediately prior to joining Symantec I served as senior 
counsel with the Senate committee focusing on cybersecurity and homeland defense 
issues. 

Symantec Corporation is the world’s leading cybersecurity company, and has the 
largest civilian threat collection network in the world. Our Global Intelligence Net- 
work™ tracks over 700,000 global adversaries and is comprised of more than 98 
million attack sensors, which record thousands of events every second. This network 
monitors over 175 million endpoints located in over 157 countries and territories. 
Additionally, we process more than 2 billion emails and over 2.4 billion web re- 
quests each day. We maintain nine Security Response Centers and six Security Op- 
erations Centers around the globe, and all of these resources combined give our ana- 
lysts a unique view of the entire cyber threat landscape. 

Symantec has been tracking the Lazarus group for over 5 years, and we have 
watched as their targets have evolved and their technical skills have improved. Over 
the years we have linked numerous attacks to Lazarus, including the attack on 
Sony Pictures, the Bangladesh Central bank heist, and the recent WannaCry 
ransomware outbreak. The United States Government has publicly attributed the 
attack on Sony to the Democratic People’s Republic of Korea. 

In my testimony I will provide an assessment of the Lazarus group’s technical ca- 
pabilities and provide an overview of several attacks that we have connected to 
them. As an initial matter, however, I want to offer a few high-level observations 
on Lazarus: 

e First, their attacks are unusual both in the breadth of their targets and the 

goals of their attacks. 

e Second, Lazarus shows little hesitation to engage in activity that might give 

other attack groups pause. 

e Finally, Lazarus targets a variety of disparate sectors, many simultaneously, 

and is very quick to move from target to target. 

Lazarus’ technical capabilities have improved dramatically in recent years, and 
we now view them as above-average in overall skills, and expert in some areas. In 
particular, Lazarus has shown excellent skills when conducting reconnaissance and 
researching operations, and over the past 3 to 4 years the quality of the malware 
they are producing has increased dramatically. Higher-quality malware is harder to 
detect, and this coupled with Lazarus’ improving operational security steps could 
make it harder to connect future attacks with the group. The group is also a prolific 
developer of malware—while other highly sophisticated attack groups have a tend- 
ency to rely on a single malware family for a sustained campaign, Lazarus is more 
likely to use a unique (but less complex) piece of malware for each effort without 
concern for it being discovered within a shorter time frame so long as they achieve 
a specific end. 

In other areas, Lazarus has shown a lack of overall ability that has at time ham- 
pered its ability to complete an operation successfully. Specifically, the WannaCry 
attacks yielded no apparent financial gain because the collection component was not 
set up properly, and the attack on the Bangladesh Central Bank was discovered and 
halted due to a typographical error. Unfortunately, these are relatively simple er- 
rors to correct and given Lazarus’ ability to adapt and improve in recent years they 
are unlikely to repeat them in future operations. 

Lazarus has been connected to attacks on a wide variety of sectors—from the en- 
tertainment industry to critical infrastructure to government systems to the finan- 
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cial sector. And unlike other groups that have been publicly connected to nation- 
states, Lazarus has attacked individual end-users of the internet. Lazarus’ methods 
have also run the gamut, and include denial-of-service attacks, highly targeted (and 
highly sophisticated) intrusions, destructive attacks, and the use of ransomware. 
Below I will address three specific campaigns. 


BANGLADESH CENTRAL BANK THEFT 


In early 2016, Lazarus stole $81 million from Bangladesh’s central bank—and but 
for a typographical error might have made off with as much as $1 billion. They ex- 
ploited weaknesses in the bank’s security to infiltrate its network and steal its Soci- 
ety for Worldwide Interbank Financial Telecommunication (SWIFT) credentials, al- 
lowing them to initiate fraudulent transfers (it is important to recognize that 
SWIFT itself was not compromised; the attackers used stolen credentials to initiate 
fraudulent transactions). 

This was a well-planned, sophisticated attack: In order to cover their tracks, the 
attackers used malware to doctor the bank’s printed confirmation messages to delay 
discovery of the transfers. They also began their attack at the start of a long week- 
end to reduce further the likelihood of a quick discovery. Once they obtained the 
bank’s SWIFT credentials, the group made several transfer requests to the Federal 
Reserve Bank of New York for it to transfer the Bangladesh bank’s money, pri- 
marily to locations in the Philippines and Sri Lanka. Four requests to transfer a 
total of $81 million to entities in the Philippines went through, but a request to 
transfer $20 million to a non-profit “foundation” in Sri Lanka raised suspicions be- 
cause foundation’s name was spelled incorrectly. 

The transfers were suspended and the fraud was uncovered when the Bangladeshi 
bank was asked for clarification on the Sri Lankan transfer. By then $81 million 
had been transferred, primarily into accounts related to casinos in the Philippines. 
One casino returned $15 million to Bangladesh, but the rest had disappeared. The 
methods used in this attack—in particular the in-depth knowledge of the SWIFT 
systems and the steps taken to cover tracks—evidence Lazarus’ growing technical 
skills. 

Our analysis of this attack found code sharing between the malware and other 
unique tools used by Lazarus in other attacks, including some in the financial sec- 
tor. Additionally, some of the tools used in the attack are connected to Lazarus. We 
have also seen this malware deployed against banks in the Philippines and Viet- 
nam. 


WANNACRY RANSOMWARE 


Though the WannaCry outbreak became a global story on May 12, 2017, our anal- 
ysis has revealed that an almost identical version of the ransomware was used in 
a small number of targeted attacks in February, March, and April of the same year. 
The key difference between the earlier versions of WannaCry and the one that be- 
came a global event was the method of propagation—the early version used stolen 
credentials to move through infected networks, while the May 12 version included 
the ability to self-propagate (known as a “worm”) that led to its rapid spread. 

In fact, within hours of the first detection, the May 12 version disrupted Britain’s 
National Health Service and Spanish telecom provider Telefonica. After a day, it 
had infected more than 230,000 computers in over 150 countries. At that point the 
infection rate plummeted, largely through good luck—a security researcher in the 
United Kingdom had unknowingly triggered a kill switch when he registered a do- 
main name he found within the code of the ransomware. This prevented the worm 
from moving laterally, greatly slowing the spread of the infection, effectively halting 
the initial outbreak and preventing it from becoming a significant event in the 
United States. Still, over the course of 3 days (May 12-15), we blocked WannaCry 
more than 22 million times on more than 300,000 devices. We were able to prevent 
WannaCry infections because we had already implemented protections for the un- 
derlying vulnerability. 

The May version of WannaCry was unique and dangerous because of how quickly 
it could spread. It was the first ransomware-as-a-worm that has had global impact; 
once on a system it propagated autonomously using the “Eternal Blue” vulnerability 
in the Windows Server Messaging Block (SMB) protocol. After gaining access to a 
computer, WannaCry installs a ransomware package that works in the same fashion 
as most modern crypto-ransomware: it finds and encrypts a range of files, then dis- 
plays a “ransom note” demanding a payment in bitcoin (in this case, $300 the first 
week; $600 the second week). 

WannaCry spread largely to unpatched computers. Though Microsoft released a 
patch for the SMB vulnerability for Windows 7 and newer operating systems in 
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March, unpatched systems and systems running XP or older operating systems were 
unprotected. After the WannaCry outbreak began, Microsoft released a patch for XP 
and earlier platforms. 

The May version of WannaCry was very effective at infecting computers and 
encrypting the data on them, but it also contained flaws that prevented the authors 
from collecting their ransom. Specifically, the ransomware was not coded correctly 
to allow the attackers to collect bitcoin payment from thousands of victims. Interest- 
ingly, the authors quickly recognized their error and released a corrected version 13 
hours after the outbreak began, but that version did not spread widely before the 
infection was largely halted. 

Our analysis found numerous links between WannaCry and known Lazarus oper- 
ations. The ransomware shares some code with previous malware used by Lazarus 
as well as some custom tools connected to the group. Additionally, we found three 
pieces of malware linked to Lazarus on the network of the target of the very first 
WannaCry attack in February, at least one of which was used in the Sony Pictures 
attacks. 


SONY PICTURES ENTERTAINMENT 


In 2014, Sony was preparing for the holiday release of “The Interview”, a film de- 
picting the fictional assassination of North Korean leader Kim Jong-un. On Novem- 
ber 24, Sony experienced a cyber attack that disabled its information technology 
network, destroyed data, and stole emails that were then leaked to the public in an 
effort to embarrass company officials. 

Individuals claiming to be the hackers then sent emails threatening “9/11-style” 
terrorist attacks on theaters scheduled to show the film, leading some theaters to 
cancel screenings and for Sony to cancel its wide-spread release. Much of the media 
and public attention revolved around the free speech implications of the attack, as 
well as the release of salacious emails between Hollywood executives and celebrities 
as well as the salaries paid to different movie stars. But from a cybersecurity stand- 
point, the “big” story of the attacks was the permanent destruction of computers and 
data—by one report, impacting as much as three quarters of the computers and 
servers at Sony Pictures headquarters. Many were damaged by “wiper” malware 
known as “Destover,” a particularly destructive variant which erased all the data 
on the machines, damaging them beyond repair.! The attacks reportedly had cas- 
cading effects that went well beyond the computers themselves—hampering essen- 
tial administrative functions like employee payroll, insurance, and contracts. The 
destructive element of the Sony attack is what sets it apart from most cyber attacks. 

On December 19, the FBI and the Director of National Intelligence (DNI) attrib- 
uted the cyber attacks to the North Korean government based on a number of fac- 
tors, including technical analysis on the wiper malware which included similar 
codes, encryption algorithms, and deletion methods to previous attacks linked to the 
North Korean government. Further, the FBI observed significant overlap in the in- 
frastructure used to conduct the Sony attack and previously known North Korean 
command and control infrastructure. Last, many of the tools and tactics used in the 
Sony attack had similarities to a cyber attack in March of 2013 against South Ko- 
rean banks and media outlets, which was carried out by North Korea.2 


CONCLUSION 


Lazarus is an aggressive and increasingly sophisticated attack group that has a 
demonstrated willingness to disrupt networks, steal money, and destroy computers 
and data. They learn from their mistakes and move rapidly from target to target. 
Unlike other major attack groups which typically focus on one sector or even one 
industry, Lazarus has no shown such limitations. This means that all industries and 
sectors, and all governments, have to assume that Lazarus may target them, and 
must prepare accordingly. Symantec continues to monitor Lazarus’ activities and 
will continue to share information with our government partners as well as publish 
reports of the activity we observe. Thank you for the opportunity to testify, and I 
would be happy to take any questions that you may have. 


Mr. PERRY. The Chair thanks the gentleman. 
Dr. Pry, the Chair now recognizes you for your opening state- 
ment. 


1https:/ /www.symantec.com / connect / blog / collaborative-operation-blockbuster-lazarus. 
2FBI National Press Office, “Update on Sony Investigation,” December 19, 2014 https:// 
www.fbi.gov / news /pressrel / press-releases / update-on-sony-investigation. 
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STATEMENT OF PETER VINCENT PRY, CHIEF OF STAFF, COM- 
MISSION TO ASSESS THE THREAT TO THE UNITED STATES 
FROM ELECTROMAGNETIC PULSE ATTACK 


Mr. Pry. Thank you for the opportunity to be here today to talk 
to you about the threat from North Korea, and particularly, the 
threat from electromagnetic pulse, EMP, which would result from 
the high-altitude detonation of a nuclear weapon. You know, gener- 
ating an EMP, which is, in effect, a super energetic radio wave, you 
might think of it, or super lightening that would destroy electronic 
systems, including electric grids and all the critical infrastructures 
that support life in this country and that depend upon them. 

This threat has been described a couple of times in the beginning 
of this hearing as unlikely. I would recommend that we not use 
that term in reference to an EMP. Maybe a better word would be 
“unknown.” I suspect people will continue to describe an EMP 
threat as unlikely right up until the day before North Korea actu- 
ally attacks us, just like we did with the 9/11 attack that, the day 
before it happened, would have been regarded as highly unlikely. 

What we do know is that North Korea has the capability to make 
an EMP attack right now, and does, right now, constitute an exis- 
tential threat to the United States. They detonated a hydrogen 
bomb on September 2. The new estimated yield on it is 250 kilo- 
tons. That single weapon could put an EMP field down out over, 
not just the United States, but all of North America that would 
cause the collapse of electric grids, transportation, communications, 
all the life-sustaining critical infrastructures. 

Now, it wouldn’t be a temporary blackout either. You know, it 
would take—we might not never recover from it. You know, if we 
are not prepared to defend our electric grid now and put in place 
the measures, and if they were to strike us now when we are un- 
protected, millions of Americans would die. Look at what is hap- 
pening in Puerto Rico now if you want to know what the con- 
sequences of an EMP attack would be. They have only been with- 
out electricity for a few weeks and many people are in fear of their 
lives, legitimately so. Imagine a Puerto Rico where there was no 
U.S. Government coming to the rescue, all right, and they were on 
their own for a year. You would have most of the population of that 
island perish, if we weren’t there to come in and help them. That 
is what would happen to the United States in the event of a North 
Korean nuclear EMP attack, which they could do today, all right, 
and with a single weapon. 

The intelligence community. The EMP Commission has been vir- 
tually alone, I think, in having a more accurate estimate of the 
threat from North Korea than the intelligence community has over 
these years. This summer should have been a humbling experience, 
you know, for those who want to dismiss or minimize the North 
Korean threats. Just 6 months ago, you know, many people were 
arguing that North Korea only had as few as 6, perhaps as many 
as 30 nuclear weapons. Now the intelligence community estimates 
that they have got 60 nuclear weapons. All right? They weren’t 
thought to have ICBMs that were capable of reaching the United 
States; maybe Alaska and Hawaii. Now we estimate that they can 
reach all of the United States. 
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So the intelligence community hasn’t had a good record on this. 
The EMP Commission though, on the other hand, has been right. 

Two days after that H bomb test, North Korea also released the 
technical report accurately describing the way a super EMP weap- 
on would work. We think they probably have that too, which would 
generate EMP fields even more powerful than that of the H bomb 
that they successfully tested. 

When we think of nuclear weapons, in the United States we 
think, well, North Korea would never cross the nuclear line, be- 
cause for us, that is a big, deep dark red line that we would very 
reluctantly cross. But the North Koreans don’t think that way 
about EMP, nor does Russia or China or Iran. In their military doc- 
trine, EMP is part of a cyber warfare, it is part of a combined 
armed cyber warfare campaign. 

The likelihood of a nuclear EMP attack is exactly the same as 
the likelihood of getting in a war with North Korea. If we get in 
a war with them, where they feel their regime is at risk, they will 
use everything within their power, including a nuclear EMP attack, 
to prevail. 

So how likely is a nuclear war with North Korea? It is not just 
up to us. It is also up to the North Koreans themselves, and they 
are entirely capable of miscalculation. 

Now, last, I’d like to just point in terms of what should we be 
doing. We are going in exactly the wrong direction in terms of our 
preparations for EMP. Just 2 weeks ago, a senior official at the De- 
partment of Homeland Security described the EMP threat as theo- 
retical and something that we needed to study a lot longer. That 
is basically the plan that the U.S. Government is on now. The De- 
partment of Energy, the Department of Homeland Security, and 
the National labs want to spend millions of dollars continuing to 
study the EMP threat way out to 2020 and beyond, when the EMP 
Commission has already spent 17 years studying the threat, has 
repeatedly told Congress this is a real threat here and now and we 
know how to protect against and it can be done cost-effectively. 
That is all true. 

I hope that a project called the Louisiana Project that the EMP 
Commission started with the Department of Homeland Security 
under Secretary Kelly will survive the death of the EMP Commis- 
sion. In this project, we have been working with the State of Lou- 
isiana to prove that you can protect a State electric grid very cost- 
effectively. I think people will be surprised, if it is allowed to go 
forward, at how little it would cost, and it would provide a para- 
digm for all the other States to follow. 

Thank you so much for hearing me out. 

[The prepared statement of Mr. Pry follows:] 


PREPARED STATEMENT OF PETER VINCENT PRY 


OCTOBER 12, 2017 


During the Cold War, major efforts were undertaken by the Department of De- 
fense to assure that the U.S. National command authority and U.S. strategic forces 
could survive and operate after an EMP attack. However, no major efforts were then 
thought necessary to protect critical National infrastructures, relying on nuclear de- 
terrence to protect them. With the development of small nuclear arsenals and long- 
range missiles by new, radical U.S. adversaries, beginning with North Korea, the 
threat of a nuclear EMP attack against the United States becomes one of the few 
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ways that such a country could inflict devastating damage to the United States. It 
is critical, therefore, that the U.S. National leadership address the EMP threat as 
a critical and existential issue, and give a high priority to assuring the leadership 
is engaged and the necessary steps are taken to protect the country from EMP. 

By way of background, the Commission to Assess the Threat to the United States 
from Electromagnetic Pulse (EMP) Attack was established by Congress in 2001 to 
advise the Congress, the President, Department of Defense, and other departments 
and agencies of the U.S. Government on the nuclear EMP threat to military systems 
and civilian critical infrastructures. The EMP Commission was re-established in 
2015 with its charter broadened to include natural EMP from solar storms, all man- 
made EMP threats, cyber attack, sabotage, and Combined-Arms Cyber Warfare. The 
EMP Commission charter gives it access to all relevant Classified and Unclassified 
data and the power to levy analysis upon the Department of Defense. 

On September 30, 2017, the Department of Defense, after withholding a signifi- 
cant part of the monies allocated by Congress to support the work of the EMP Com- 
mission for the entirety of 2016, terminated funding the EMP Commission. In the 
same month, North Korea detonated an H-Bomb that it plausibly describes as capa- 
ble of “super-powerful EMP” attack and released a technical report “The EMP Might 
of Nuclear Weapons” accurately describing what Russia and China call a “Super- 
EMP” weapon. 

Neither the Department of Defense nor the Department of Homeland Security has 
asked Congress to continue the EMP Commission. The House version of the Na- 
tional Defense Authorization Act includes a provision that would replace the exist- 
ing EMP Commission with new Commissioners. Yet the existing EMP Commission 
comprises the Nation’s foremost experts who have been officially or unofficially con- 
tinuously engaged trying to advance National EMP preparedness for 17 years. 

And today, as the EMP Commission has long warned, the Nation faces a poten- 
tially imminent and existential threat of nuclear EMP attack from North Korea. Re- 
cent events have proven the EMP Commission’s critics wrong about other highly im- 
portant aspects of the nuclear missile threat from North Korea: 

e Just 6 months ago, most experts thought North Korea’s nuclear arsenal was 
primitive, some academics claiming it had as few as 6 A-Bombs. Now the intel- 
ligence community reportedly estimates North Korea has 60 nuclear weapons. 

e Just 6 months ago, most experts thought North Korea’s ICBMs were fake, or 
if real could not strike the U.S. mainland. Now the intelligence community re- 
portedly estimates North Korea’s ICBMs can strike Denver and Chicago, and 
perhaps the entire United States. 

e Just 6 months ago, most experts thought North Korea was many years away 
from an H-Bomb. Now it appears North Korea has H-Bombs comparable to so- 
phisticated U.S. two-stage thermonuclear weapons. 

e Just 6 months ago, most experts claimed North Korean ICBMs could not minia- 
turize an A-Bomb or design a reentry vehicle for missile delivery. Now the intel- 
ligence community reportedly assesses North Korea has miniaturized nuclear 
weapons, and has developed reentry vehicles for missile delivery, including by 
ICBMs that can strike the United States.1 

After massive intelligence failures grossly underestimating North Korea’s long- 
range missile capabilities, number of nuclear weapons, warhead miniaturization, 
and proximity to an H-Bomb, the biggest North Korean threat to the United States 
remains unacknowledged—nuclear EMP attack. 

North Korea confirmed the EMP Commission’s assessment by testing an H-Bomb 
that could make a devastating EMP attack, and in its official public statement: “The 
H-Bomb, the explosive power of which is adjustable from tens of kilotons to hun- 
dreds of kilotons, is a multi-functional thermonuclear weapon with great destructive 
power which can be detonated even at high altitudes for super-powerful EMP attack 
according to strategic goals.”2 

As noted earlier, Pyongyang also released a technical report accurately describing 
a “Super-EMP” weapon.* 


1 Joby Warwick, Ellen Nakashima, Anna Fifield, “North Korea Is No Making Missile-Ready 
Nuclear Weapons, U.S. Analysts Say” Washington Post, August 18, 2017; Michelle Ye Hee Lee, 
‘North Korean Nuclear Test May Have Been Twice As Strong As First Thought” Washington 
Post, September 13, 2017; Jack Kim, Soyoung Kim, “North Korea Says It Has Developed A More 
Advanced Hydrogen Bomb That Can Be Loaded Onto An ICBM” Business Insider, September 
2, 2017; NBC News, “‘A Big Hoax’: Experts Say North Korea Showing Off Missiles That Can’t 
Fly” August 15, 2013. 

2 Bill Gertz, “Korea Nuclear Test Furthers EMP Bomb” Washington Free Beacon, September 
6, 2017. 

3Tbid. Kim Song-won, Dean of Kim Chaek University of Technology “The EMP Might of Nu- 
clear Weapons” Rodong Sinmun, Pyongyang, September 4, 2017. 
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Just 6 months ago, some academics dismissed EMP Commission warnings and 
even, literally, laughed on National Public Radio at the idea North Korea could 
make an EMP attack. 


PRIMITIVE AND “SUPER-EMP” NUCLEAR WEAPONS ARE BOTH EMP THREATS 


The EMP Commission finds that even primitive, low-yield nuclear weapons are 
such a significant EMP threat that rogue states, like North Korea, or terrorists may 
well prefer using a nuclear weapon for EMP attack, instead of destroying a city: 
“Therefore, terrorists or state actors that possess relatively unsophisticated missiles 
armed with nuclear weapons may well calculate that, instead of destroying a city 
or military base, they may obtain the greatest political-military utility from one or 
a few such weapons by using them—or threatening their use—in an EMP attack.”4 

The EMP Commission 2004 Report warns: “Certain types of relatively low-yield 
nuclear weapons can be employed to generate potentially catastrophic EMP effects 
over wide geographic areas, and designs for variants of such weapons may have 
been illicitly trafficked for a quarter-century.”> 

In 2004, two Russian generals, both EMP experts, warned the EMP Commission 
that the design for Russia’s Super-EMP warhead, capable of generating high-inten- 
sity EMP fields over 100,000 volts per meter, was “accidentally” transferred to 
North Korea. They also said that due to “brain drain,” Russian scientists were in 
North Korea, as were Chinese and Pakistani scientists according to the Russians, 
helping with the North’s missile and nuclear weapon programs. In 2009, South Ko- 
rean military intelligence told their press that Russian scientists are in North Korea 
helping develop an EMP nuclear weapon. In 2013, a Chinese military commentator 
stated North Korea has Super-EMP nuclear weapons.® 

Super-EMP weapons are low-yield and designed to produce not a big kinetic ex- 
plosion, but rather a high level of gamma rays, which generates the high-frequency 
E1 EMP that is most damaging to the broadest range of electronics. North Korean 
nuclear tests, including the first in 2006, whose occurrence was predicted to the 
EMP Commission 2 years in advance by the two Russian EMP experts, mostly have 
yields consistent with the size of a Super-EMP weapon. The Russian generals’ accu- 
rate prediction about when North Korea would perform its first nuclear test, and 
of a yield consistent with a Super-EMP weapon, indicates their warning about a 
North Korean Super-EMP weapon should be taken very seriously. 


EMP THREAT FROM SATELLITES 


While most analysts are fixated on when in the future North Korea will develop 
highly reliable intercontinental missiles, guidance systems, and reentry vehicles ca- 
pable of striking a U.S. city, the threat here and now from EMP is largely ignored. 
EMP attack does not require an accurate guidance system because the area of effect, 
having a radius of hundreds or thousands of kilometers, is so large. No reentry vehi- 
cle is needed because the warhead is detonated at high-altitude, above the atmos- 
phere. Missile reliability matters little because only one missile has to work to make 
an EMP attack against an entire Nation. 

North Korea could make an EMP attack against the United States by launching 
a short-range missile off a freighter or submarine or by lofting a warhead to 30 kilo- 
meters burst height by balloon. While such lower-altitude EMP attacks would not 
cover the whole U.S. mainland, as would an attack at higher-altitude (300 kilo- 
meters), even a balloon-lofted warhead detonated at 30 kilometers altitude could 
blackout the Eastern Electric Power Grid that supports most of the population and 
generates 75 percent of U.S. electricity. 

Or an EMP attack might be made by a North Korean satellite, right now. 

A Super-EMP weapon could be relatively small and lightweight, and could fit in- 
side North Korea’s Kwangmyongsong—3 (KMS-—3) and Kwangmyongsong—4 (KMS-4) 
satellites. These two satellites presently orbit over the United States, and over every 
other nation on Earth—demonstrating, or posing, a potential EMP threat against 
the entire world. 


4Commission to Assess the Threat to the United States from Electromagnetic Pulse (EMP) 
Attack, Executive Report, 2004, p. 2. 

5 Tbid. 

6U.S. Senate, Hearing, Statement for the Record, Dr. Peter Vincent Pry, “Foreign Views of 
Electromagnetic Pulse (EMP) Attack” testimony on behalf of EMP Commission before the Sub- 
committee on Terrorism, Technology, and Homeland Security, Senate Committee on the Judici- 
ary (Washington, DC: March 9, 2005); Kim Min-sek and Yoo Jee-ho, “Military Source Warns 
of North’s EMP Bomb” JoonAng Daily (September 2, 2009); Li Daguang, “North Korean Electro- 
magnetic Attack Threatens South Korea’s Information Warfare Capabilities” Tzu Chin, No. 260 
(June 1, 2012) pp. 44-45. 
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North Korea’s KMS-3 and KMS-4 satellites were launched to the south on polar 
trajectories and passed over the United States on their first orbit. Pyongyang 
launched KMS-4 on February 7, 2017, shortly after its fourth illegal nuclear test 
on January 6, that began the present protracted nuclear crisis with North Korea. 

The south polar trajectory of KMS-3 and KMS-4 evades U.S. Ballistic Missile 
Early Warning Radars and National Missile Defenses, resembling a Russian secret 
weapon developed during the cold war, called the Fractional Orbital Bombardment 
System (FOBS) that would have used a nuclear-armed satellite to make a surprise 
EMP attack on the United States.” 

Ambassador Henry Cooper, former director of the U.S. Strategic Defense Initia- 
tive, and a preeminent expert on missile defenses and space weapons, has written 
numerous articles warning about the potential North Korean EMP threat from their 
satellites. For example, on September 20, 2016 Ambassador Cooper wrote: 


U.S. ballistic missile defense (BMD) interceptors are designed to intercept a few 
North Korean ICBMs that approach the United States over the North Polar region. 
But current U.S. BMD systems are not arranged to defend against even a single 
ICBM that approaches the United States from over the South Polar region, which 


is the direction toward which North Korea launches its satellites . . . This is not 
a new idea. The Soviets pioneered and tested just such a specific capability decades 
ago—we call it a Fractional Orbital Bombardment System (FOBS) . . . So, North 


Korea doesn’t need an ICBM to create this existential threat. It could use its dem- 
onstrated satellite launcher to carry a nuclear weapon over the South Polar region 
and detonate it . . . over the United States to create a high-altitude electromagnetic 
pulse (HEMP) . . . The result could be to shut down the U.S. electric power grid 
for an indefinite period, leading to the death within a year of up to 90 percent of 
all Americans—as the EMP Commission testified over 8 years ago.® 


Former NASA rocket scientist James Oberg visited North Korea’s Sohae space 
launch base, witnessed elaborate measures undertaken to conceal space launch pay- 
loads, and concludes in a 2017 article that the EMP threat from North Korea’s sat- 
ellites should be taken seriously: 


“ 


. there have been fears expressed that North Korea might use a satellite to 
carry a small nuclear warhead into orbit and then detonate it over the United States 
for an EMP strike. These concerns seem extreme and require an astronomical scale 
of irrationality on the part of the regime. The most frightening aspect, I’ve come to 
realize, is that exactly such a scale of insanity is now evident in the rest of their 
‘space program.’ That doomsday scenario, it now seems, has been plausible enough 
to compel the United States to take active measures to insure that no North Korean 
satellite, unless thoroughly inspected before launch, be allowed to reach orbit and 
ever overfly the United States.” 


Kim Jong-un has threatened to reduce the United States to “ashes” with “nuclear 
thunderbolts” and threatened to retaliate for U.S. diplomatic and military pressure 
by “ordering officials and scientists to complete preparations for a satellite launch 
as soon as possible” amid “the enemies’ harsh sanctions and moves to stifle” the 
North.1° North Korean press (for example in Rodong Sinmun; March 7, 2016) as- 
serts readiness for “any form of war” and includes their satellite with “strength- 
ening of the nuclear deterrent and legitimate artificial satellite launch, which are 
our fair and square self-defensive choice.” Moreover: “The nuclear [weapons] we pos- 
sess are, precisely, the country’s sovereignty, right to live, and dignity. Our satellite 


7Miroslav Gyurosi, The Soviet Fractional Orbital Bombardment System Program, (January 
2010) Technical Report APA-TR—2010-010. 

8 Ambassador Henry F. Cooper, “Whistling Past The Graveyard .. . ” High Frontier (Sep- 
tember 20, 2016) highfrontier.org /sept-20-2016-whistling-past-the-graveyard/ See _ also: 
highfrontier.org / category /fobs. On up to 90 percent U.S. fatalities from an EMP attack, during 
a Congressional hearing, Rep. Roscoe Bartlett asked me if such high fatalities could result, and 
I responded: “We don’t have experience with losing the infrastructure in a country with 300 mil- 
lion people, most of whom don’t live in a way that provides for their own food and other needs. 
We can go back to an era when people did live like that. That would be—10 percent would be 
30 million people, and that is probably the range where we could survive as a basically rural 
economy.” U.S. House of Representatives, Hearing, “Threat Posed By Electromagnetic Pulse 
(EMP) Attack” Committee on Armed Services (Washington, DC: July 10, 2008), p. 9. 

°Jim Oberg, Space Review (February 6, 2017) www.thespacereview.com/article/3164/lin a 
2017 article. 

10 Alex Lockie, “North Korea Threatens ‘Nuclear Thunderbolts’ As U.S. And China Finally 
Work Together” American Military News (April 14, 2017); Fox News, “U.S. General: North 
Korea ‘Will’ Develop Nuclear Capabilities To Hit America” (September 20, 2016) 
www.foxnews.com /world /2016/09/20/north-korea-says-successfully-ground-tests-new-rocket-en- 
gine.html. 
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that cleaves through space is the proud sign that unfolds the future of the most 
powerful state in the world.” The same article, like many others, warns North Korea 
makes “constant preparations so that we can fire the nuclear warheads, which have 
been deployed for actual warfare for the sake of national defense, at any moment!” 

An earlier generation immediately understood the alarming strategic significance 
of Sputnik in 1957, yet few today understand or even care about the strategic sig- 
eae = North Korea’s satellites, perhaps because of wide-spread ignorance 
about : 


ADDRESSING MISINFORMATION 


Misinformation about EMP abounds in the media, and even in many allegedly se- 
rious studies, from uninformed persons posturing as experts, who have no com- 
petency in EMP. False claims are often made that the EMP threat is “not real” but 
merely theoretical and greatly overblown.1! 

For example, one academic often quoted by the press claims that during the 1962 
STARFISH PRIME high-altitude nuclear test, “just one string of street lights failed 
in Honolulu” and that this proved EMP is no threat.!2 In fact, the EMP knocked- 
out 36 strings of street lights, caused a telecommunications microwave relay station 
to fail, burned out HF (High-Frequency) radio links (used for long-distance commu- 
nications), set off burglar alarms, and caused other damage.!8 

The Hawaiian Islands did not experience a catastrophic protracted blackout be- 
cause they were on the far edge of the EMP field contour, where effects are weakest; 
are surrounded by an ocean, which mitigates EMP effects; and were still in an age 
dominated by vacuum tube electronics. 

STARFISH PRIME was not the only test of this kind. Russia in 1961-62 also con- 
ducted a series of high-altitude nuclear bursts to test EMP effects over Kazakhstan, 
an industrialized area nearly as large as Western Europe.!4 That test destroyed the 
Kazakh electric grid.15 Moreover, modern electronics, in part because they are de- 
signed to operate at much lower voltages, are much more vulnerable to EMP than 
the electronics of 1962 exposed to STARFISH PRIME and the Kazakh nuclear tests. 
A similar EMP event over the United States today would be an existential threat.16 

Another academic wrongly asserts that because EMP from atmospheric nuclear 
tests in Nevada did not blackout Las Vegas, therefore EMP is no threat. The nu- 
clear tests he describes were all endo-atmospheric tests that do not generate appre- 
ciable EMP fields beyond a range of about 5 miles. The high-altitude EMP (HEMP) 
threat of interest requires exo-atmospheric detonation, at 30 kilometers altitude or 
above, and produces EMP out to ranges of hundreds to thousands of miles. Las 
Vegas was not affected by the Nevada tests because they were endo-atmospheric nu- 
clear tests that generated no HEMP.!” 

The same academic also miscalculates that “a 20-kiloton bomb detonated at opti- 
mum height would have a maximum EMP damage distance of 20 kilometers” in 
part, because he assumes “15,000 volts/meter or higher” in the E1 EMP component 
is necessary for damage. This figure is an extreme overestimate of system damage 
field thresholds. Damage and upset to electronic systems will happen from E1 EMP 
field strengths far below the academic’s “15,000 volts/meter or higher.” A one meter 
wire connected to a semiconductor device, such as a mouse cord or interconnection 
cable, would place hundreds to thousands of volts on microelectronic devices out to 
ranges of hundreds of miles for low-yield nuclear devices. Based on omission and 


11See for example: Jeffrey Lewis, “Would A North Korean Space Nuke Really Lay Waste to 
the U.S.?” New Scientist, www.newscientist.com/article/2129618,; Lewis quoted in Cheyenne 
MacDonald, “A North Korean ‘Space Nuke’ Wouldn’t Lay Waste To America” Daily Mail, May 
3, 2017; Lewis interviewed by National Public Radio, “The North Korean Electromagnetic Pulse 
Threat, Or Lack Thereof? www.npr.org/2017/04/27/525833275; www.naturalnews.com /2017- 
05-01-npr-laughs-hysterically-north-korean-emp-nuclear-attack.html. 

12 Tbid. 

13Dr. William R. Graham, “North Korean Nuclear EMP Attack: An Existential Threat” 38 
North, June 2, 2017. 

14High-altitude EMP (HEMP), the phenomenon under discussion, results from the detonation 
of a nuclear weapon at high-altitude, 30 kilometers or higher. All nuclear weapons, even a 
primitive Hiroshima-type A-bomb, can produce levels of HEMP damaging to modern electronics 
over large geographic regions. 

15 According to Electric Infrastructure Security Council, Report: USSR Nuclear EMP Upper 
Atmosphere Kazakhstan Test 184, (www.eiscouncil.org/APP__Data/upload /a4ce4b06-1a77-44d- 
83eb-842bb2a56fc6.pdf), citing research by Oak Ridge National Laboratory, a comparable EMP 
event over the United States today “would likely damage about 365 large transformers in the 
U.S. power grid, leaving about 40 percent of the U.S. population without electrical power for 
4 to 10 years.” 

16 HMP Commission Executive Report, op. cit., pp. 4-8. 

17 Jack Liu, “A North Korean EMP Attack? . . . Unlikely” 38 North, May 5, 2017. 
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other experience with many EMP tests, semiconductor junctions, operating at a few 
volts, will experience breakdown at a few volts over their operating point, allowing 
their power supply to destroy the junctions experiencing breakdown.!8 

The same academic and many other non-experts also ignore system upset as a 
vulnerability. Digital electronics can be upset by extraneous pulses of a few volts. 
For unmanned control systems present within the electric power grids, long-haul 
communication repeater stations, and gas pipelines, an electronic upset is tanta- 
mount to permanent damage. Temporary upset of electronics can also have cata- 
strophic consequences for military operations. No electronics should be considered 
invulnerable to EMP unless hardened and tested to certify survivability. Some high- 
ly critical unprotected electronics have been upset or damaged in simulated EMP 
tests, not at “15,000 volts/meter or higher,” but at threat levels far below 1,000 
volts/meter.19 

The North Korean missile test on April 29, 2017, which apparently detonated at 
an altitude of 72 kilometers, the optimum height-of-burst for EMP attack by a 10 
KT warhead, would create a potentially damaging EMP field spanning, not the aca- 
demic’s miscalculated 20 kilometers radius, but to about 930 kilometers radius [Kil- 
ometers Radius=110 (Kilometers Burst Height to the 0.5 Power)|.?° 

Therefore, even for a low-yield 10—20 kiloton weapon, the EMP field should be 
considered dangerous for unprotected U.S. systems. The EMP Commission 2004 Re- 
port warned against the U.S. military’s increasing use of commercial-off-the-shelf- 
technology that is not protected against EMP: “Our increasing dependence on ad- 
vanced electronics systems results in the potential for an increased EMP vulner- 
ability of our technologically advanced forces, and if unaddressed makes EMP em- 
ployment by an adversary an attractive asymmetric option.”21 


EMPIRICAL BASIS FOR EMP THREAT BETTER ESTABLISHED THAN CYBER THREAT 


The empirical basis for the threat of an EMP attack to electric grids and other 
critical infrastructures is far deeper and broader than the data for cyber attacks or 
sabotage. The notion that a cyber attack or sabotage can plunge the United States 
into a protracted blackout—while very real threats that warrant deep concern—are 
far more theoretical constructs than EMP attack. 

We know for certain that EMP will cause wide-spread damage of electronics and 
protracted black-out of unprotected electric grids and other critical infrastructures 
from such hard data as: 

e The U.S. STARFISH PRIME high-altitude nuclear test in 1962 over Johnston 
Island that generated an EMP field over the Hawaiian Islands, over 1,300 kilo- 
meters away, causing wide-spread damage to electronic systems.?? 

e Six Russian EMP tests 1961-1962 over Kazakhstan that with a single weapon 
destroyed electric grids over an area larger than Western Europe, proving this 
capability six times.?° 

e 30 years (1962-1992) of U.S. underground nuclear testing that included col- 
lecting data on EMP effects. 

e Over 50 years of testing by EMP simulators, still on-going, including by the 
Congressional EMP Commission (2001-2008) that proved modern electronics 
are over 1 million times more vulnerable to EMP than the electronics of 1962.24 

Moreover, hard data proving the threat from nuclear EMP is available from nat- 
ural EMP generated by geomagnetic storms, accidental damage caused by electro- 
magnetic transients, and non-nuclear radiofrequency weapons (RF weapons). All of 
these produce field strengths much less powerful than nuclear EMP, and in the case 
of accidental electromagnetic transients and radiofrequency weapons, much more lo- 
calized. There are many thousands of such cases. 


18 Thid. 

19 Tbid. 

20 Tbid. 

21 EMP Commission, Executive Report, op. cit., p. 47. 

22Phil Plait, “The 50th Anniversary of Starfish Prime: The Nuke That Shook The World” Dis- 
cover, July 9, 2012. 

23 Jerry Emanuelson, “Soviet Test 184: The 1962 Soviet Nuclear EMP Tests Over Kazakhstan” 
Future Science, Undated; Vladimir M. Loborev, “Up-to-Date State of the NEMP Problems and 
Topical Research Directions” Electromagnetic Environments and Consequences: Proceedings of 
the European International Symposium on Electromagnetic Environments, EUROEM Con- 
ference, Bordeaux, France, 1994; V. N. Mikhailov, The Nuclear Tests of the USSR, Vol. 2, Insti- 
tute of Strategic Stability, Rosatom. 

24“Flectromagnetic Pulse: Threat to Critical Infrastructures” Hearing before the Sub- 
committee on Cybersecurity, Infrastructure Protection, and Security Technologies, House Com- 
mittee on Homeland Security, Washington, DC: May 8, 2014. 
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Many documented examples of successful attacks using RF weapons, and acci- 
dents involving electromagnetic transients, are described in the Department of De- 
fense Pocket Guide for Security Procedures and Protocols for Mitigating Radio Fre- 
quency Threats (Technical Support Working Group, Directed Energy Technical Of- 
fice, Dahlgren Naval Surface Warfare Center). A few examples: 

e “Radio Frequency Weapons were used in separate incidents against the U.S. 
Embassy in Moscow to falsely set off alarms and to induce a fire in a sensitive 
area.” 

e “In Kzlyar, Dagestan, Russia, Chechen rebel commander Salman Raduyev dis- 
abled police radio communications using RF transmitters during a raid.” 

¢ “In June 1999 in Bellingham, Washington, RF energy from a radar induced a 
SCADA malfunction that caused a gas pipeline to rupture and explode.” 

e “In 1999, a Robinson R—44 news helicopter nearly crashed when it flew by a 
high-frequency broadcast antenna.” 

e North Korea used a Radio Frequency Weapon, purchased from Russia, to attack 
airliners and impose an “electromagnetic blockade” on air traffic to Seoul, South 
Korea’s capital. The repeated attacks by RFW also disrupted communications 
and the operation of automobiles in several South Korean cities in December 
2010; March 9, 2011; and April-May 2012.25 


VULNERABILITIES TO EMP 


When assessing the potential vulnerability of U.S. military forces and civilian crit- 
ical infrastructures to EMP, it is necessary to be mindful of the complex inter- 
dependencies of these highly networked systems, because EMP upset and damage 
of a very small fraction of the total system can cause total system failure.26 

Real-world failures of electric grids from various causes indicate that a nuclear 
EMP attack would have catastrophic consequences. Significant and highly disrup- 
tive blackouts have been caused by single-point failures cascading into system-wide 
failures, originating from damage comprising far less than 1 percent of the total sys- 
tem. For example: 

e The Great Northeast Blackout of 2003—that put 50 million people in the dark 
for a day, contributed to at least 11 deaths, and cost an estimated $6 billion— 
originated from a single failure point when a power line contacted a tree 
branch, damaging less than 0.0000001 (0.00001 percent) of the system. 

e The New York City Blackout of 1977, that resulted in the arrest of 4,500 looters 
and injury of 550 police officers, was caused by a lightning strike on a sub- 
station that tripped two circuit breakers. 

e The Great Northeast Blackout of 1965, that affected 30 million people, hap- 
pened because a protective relay on a transmission line was improperly set. 

e India’s nation-wide blackout of July 30-31, 2012—the largest blackout in his- 
tory, affecting 670 million people, 9 percent of the world population—was 
caused by overload of a single high-voltage power line. 

e India’s blackout of January 2, 2001—affecting 226 million people—was caused 
by equipment failure at the Uttar Pradesh substation. 

e Indonesia’s blackout of August 18, 2005—affecting 100 million people—was 
caused by overload of a high-voltage power line. 

e Brazil’s blackout of March 11, 1999—affecting 97 million people—was caused by 
a lightning strike on an EHV transformer substation. 

e Italy’s blackout of September 28, 2003—affecting 55 million people—was caused 
by overload of two high-voltage power lines. 

e Germany, France, Italy, and Spain experienced partial blackouts on November 
4, 2006—affecting 10-15 million people—from accidental shutdown of a high- 
voltage power line. 

e The San Francisco blackout in April 2017 was caused by the failure of a single 
high-voltage breaker. 

In contrast to the above blackouts caused by single-point or small-scale failures, 

a nuclear EMP attack would inflict massive wide-spread damage to the electric grid 
causing millions of failure points. With few exceptions, the U.S. National electric 
grid is unhardened and untested against nuclear EMP attack. 

In the event of a nuclear EMP attack on the United States, a wide-spread pro- 
tracted blackout is inevitable. This common-sense assessment is also supported by 
the Nation’s best computer modeling: 


25“Massive GPS Jamming Attack By North Korea” GPSWORLD.COM, May 8, 2012. 
26 Report of the Commission to Assess the Threat to the United States from Electromagnetic 
Pulse (EMP) Attack, Critical National Infrastructures, 2008, passim. 
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¢ Modeling by the U.S. Federal Energy Regulatory Commission (FERC) report- 
edly assesses that a terrorist attack that destroys just 9 of 2,000 EHV trans- 
formers—merely 0.0045 (0.45 percent) of all EHV transformers in the U.S. Na- 
tional electric grid—would be catastrophic damage, causing a protracted Nation- 
wide blackout. 
¢ Modeling by the Congressional EMP Commission assesses that a terrorist nu- 
clear EMP attack, using a primitive 10-kiloton nuclear weapon, could destroy 
dozens of EHV transformers, thousands of SCADAS and electronic systems, 
causing catastrophic collapse and protracted blackout of the U.S. Eastern Grid, 
putting at risk the lives of millions.27 
Thus, even if North Korea has only primitive, low-yield nuclear weapons, and 
likewise if other States or terrorists acquire one or a few such weapons, and the 
capability to detonate them at 30 kilometers or higher-altitude over the United 
States, as the EMP Commission warned over a decade ago in its 2004 Report: “The 
damage level could be sufficient to be catastrophic to the Nation, and our current 
vulnerability invites attack.”28 


WHAT IS TO BE DONE? 


We recommend establishing an Executive Agent—a Cabinet Secretary designated 
by the President—with the authority, accountability, and resources, to manage U.S. 
National infrastructure protection and defense against EMP and the other existential 
threats described above. Current institutional authorities and responsibilities—Gov- 
ernment, industry, regulatory agencies—are fragmented, incomplete, and unable to 
protect and defend against foreign hostile EMP threats or solar super-storms. 

We encourage the President to work with Congressional leaders to stand-up an ad 
hoc Joint Presidential-Congressional Commission, with its members charged with 
supporting the Nation’s leadership and providing expertise, experience, and oversight 
to achieve, on an accelerated basis, the protection of critical National infrastructures. 
The U.S. Federal Energy Regulatory Commission (FERC) and North American Elec- 
tric Reliability Corporation (NERC) have for nearly a decade been unable or unwill- 
ing to implement the EMP Commission’s recommendations. A Presidential-Congres- 
sional Commission on Critical Infrastructure Protection could engage the Free 
World’s preeminent experts on EMP and Combined-Arms Cyber Warfare to serve 
the entire Government in a manner akin to the Atomic Energy Commission of the 
1947-74 period, advising the administration’s actions to attain most quickly and 
most cost-effectively the protection essential to long-term National survival and 
well-being. The United States should not remain in our current state of fatal vulner- 
ability to well-known natural and man-made threats. 

We highly commend President Trump’s new Executive Order “Strengthening the 
Cybersecurity of Federal Networks and Critical Infrastructure” signed on May 11, 
2017. We strongly recommend that implementation of cybersecurity for the electric 
grid and other critical infrastructures include EMP protection, since all-out cyber 
warfare as planned by Russia, China, North Korea, and Iran includes nuclear EMP 
attack. However, current institutional arrangements for protecting and improving 
the reliability of the electric grids and other critical infrastructures through the 
United States. FERC and the NERC are not designed to address major National se- 
curity threats to the electric power grids and other National critical infrastructures. 
Using FERC and NERC to achieve this level of National security is beyond the pur- 
pose for which those organizations were created and has proven to be fundamentally 
unworkable. New institutional arrangements are needed to advance preparedness to 
survive EMP and related threats to our critical National infrastructures. 

We recommend that U.S. military forces and critical National infrastructures be 
protected from EMP as outlined in the EMP Commission’s Classified reports and Un- 
classified reports provided in 2004 and 2008. EMP protection of military systems 
and civilian/military critical National infrastructures can be achieved cost-effectively 
by a combination of operational procedures and physical hardening. It is not nec- 


27¥For the best Unclassified modeling assessment of likely damage to the U.S. National electric 
grid from nuclear EMP attack see: U.S. Federal Energy Regulatory Commission (FERC) Inter- 
agency Report, coordinated with the Department of Defense and Oak Ridge National Labora- 
tory: Electromagnetic Pulse: Effects on the U.S. Power Grid, Executive Summary (2010); FERC 
Interagency Report by Edward Savage, James Gilbert and William Radasky, The Early Time 
(E1) High-Altitude Electromagnetic Pulse (HEMP) and Its Impact on the U.S. Power Grid (Meta— 
R-320) Metatech Corporation (January 2010); FERC Interagency Report by James Gilbert, John 
Kappenman, William Radasky, and Edward Savage, The Late-Time (E3) High-Altitude Electro- 
magnetic Pulse (HEMP) and Its Impact on the U.S. Power Grid (Meta—R-321) Metatech Cor- 
poration (January 2010). 

28 EMP Commission Executive Report, op. cit., p. 1. 
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essary to harden everything. Selective hardening of key critical nodes and equip- 
ment will suffice. Threat parameters are 200 kilovolts/meter for E1 EMP and 85 
volts/kilometer for E3 EMP. Critical National infrastructures are already adequately 
protected from E2 EMP, equivalent to lightning. 

We recommend, given the proximity and enormity of the threat from EMP and 
Combined-Arms Cyber Warfare, the President exercise leadership to implement im- 
mediate, mid-term, and long-term steps to deter and defeat this existential threat: 


Immediately: 


We recommend that the President declare that EMP or cyber attacks that black out 
or threaten to black out the National electric grid constitute the use of weapons of 
mass destruction that justify preemptive and retaliatory responses by the United 
States using all possible means, including nuclear weapons. Some potential adver- 
saries have the capability to produce a protracted Nation-wide blackout induced by 
EMP or Combined-Arms Cyber Warfare by the use of nuclear or non-nuclear means. 
A Defense Science Board study Resilient Military Systems and the Advanced Cyber 
Threat (January 2013) equates an all-out cyber-attack on the United States with the 
consequences of a nuclear attack, and concludes that a nuclear response is justified 
to deter or retaliate for cyber warfare that threatens the life of the Nation: “While 
the manifestation of a nuclear and cyber attack are very different, in the end, the 
existential impact to the United States is the same.” 

We recommend that the President issue an Executive Order, provided to the pre- 
vious White House, titled “Protecting the United States from Electromagnetic Pulse 
(EMP)”. Among many other provisions to protect the Nation from EMP on an emer- 
gency basis, the Executive Order would instantly mobilize a much-needed “whole- 
of-Government solution” to the EMP and combined-arms cyber threat: “All U.S. Gov- 
ernment Departments, Agencies, Offices, Councils, Boards, Commissions and other 


U.S. Government entities . . . shall take full and complete account of the EMP 
threat in forming policies and plans to protect United States critical 
infrastructures . . . ” Protecting the electric grids and other critical infrastructures 


from the worst threat—nuclear EMP attack—can, if carried out in a system-wide, 
integrated approach, help mitigate all lesser threats, including natural EMP, man- 
airs non-nuclear EMP, cyber attack, physical sabotage, and severe terrestrial 
weather. 

We recommend that the President direct the Secretary of Defense to include a Lim- 
ited Nuclear Option for EMP attack among the U.S. nuclear strike plans, and imme- 
diately make targeting and fusing adjustments to some of the nuclear forces needed 
to implement a nuclear EMP attack capability. 

We recommend that the President direct the Secretary of Defense to use National 
technical means to ascertain if there is a nuclear weapon aboard North Korea’s 
KMS-3 or KMS-4 satellites that orbit over the United States. If either or both of 
these satellites are nuclear-armed, they should be intercepted and destroyed over a 
broad ocean area where an EMP resulting from salvage-fusing will do the least dam- 
age to humanity. 

We recommend that the President direct the Secretary of Defense to post Aegis 
ships in the Gulf of Mexico and near the east and west coasts, to search for and be 
prepared to intercept missiles launched from freighters, submarines, or other plat- 
forms that might make a nuclear EMP attack on the United States. U.S. National 
Missile Defenses (NMD) are primarily located in Alaska and California and oriented 
for a missile attack coming at the United States from the north, and are not de- 
ployed to intercept a short-warning missile attack launched near the U.S. coasts. 

We recommend that the President direct the Secretary of Homeland Security to 
harden the FirstNet emergency communications system against EMP. 

We recommend that the President initiate training, evaluating, and “Red Teaming” 
efforts to protect the United States and in the event of an EMP attack to respond, 
and periodically report the results of these efforts to the Congress. 

Mid-Term: 

We recommend that the President direct the Secretary of Defense to deploy Aegis- 
ashore missile interceptors along the Gulf of Mexico coast to plug the hole in U.S. 
missile defenses. The United States has no Ballistic Missile Early Warning System 
radars or missile interceptors facing south, and is largely blind and defenseless from 
that direction, including to missiles launched from submarines or off ships, or from 
a nuclear-armed satellite orbiting on a south polar trajectory. 

We recommend that the President direct the Secretary of Defense to develop a 
space-surveillance program to detect if any satellites orbited over the United States 
are nuclear-armed, and develop space-interception capabilities to defend against nu- 
clear-armed satellites that might make an EMP attack. 
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We recommend that the President direct the Nuclear Regulatory Commission to 
launch a crash program to harden the over 100 nuclear power reactors and their 
spent fuel storage facilities against nuclear EMP attack. Nuclear power reactors typi- 
cally only have enough emergency power to cool reactor cores and spent fuel rods 
for a few days, after which they would “go Fukushima” spreading radioactivity over 
much of the United States. 

Long-Term: 


We recommend that the President through his Executive Agent protect elements of 
the National electric grids, the keystone critical infrastructure upon which all other 
critical infrastructures depend. Priority should be given to elements that are difficult 
and time-consuming to replace. Such elements can be protected from EMP at very 
low cost relative to the costs of an EMP catastrophe, and paid for without Federal 
dollars by a slight increase in user electric rates. We recommend that a similar ap- 
proach be taken to key elements of the National telecommunications infrastructure 
and other National critical infrastructures. 

We recommend the development and deployment of enhanced-EMP nuclear weap- 
ons and other means to deter adversary attack on the United States. Enhanced-EMP 
nuclear weapons, called by the Russians Super-EMP weapons, can be developed 
without nuclear testing. 

We recommend strengthening U.S. ballistic missile defenses—including deployment 
of space-based defenses considered by the Strategic Defense Initiative—and that these 
be designed and postured to also protect the United States from EMP attack. 


Mr. PERRY. The Chair thanks the gentleman. 

If you just hold, votes have just been called. I have got to try and 
figure out what we are going to do here quick. 

All right, folks, this is what we are going to do. Since the votes 
have been called, I am going to defer my questions, because I am 
going to come back. I am going to go to Mr. Duncan, Mr. Correa, 
and then to the other side. Then when the time is up, I am going 
to leave. We are going to vote, and then at least you know I am 
going to come back. If Mr. Higgins or anybody from—Ms. Barragan 
or anybody else from the other side wants to come back or anybody 
else on our side, you will have that option. I hope you guys can in- 
dulge us and stick around, but this is how things work here. 

So, with that, I will recognize Mr. Duncan. 

Mr. DuNCAN. I thank the Chairman for that. I thank the panel 
for being here. It has been very informative. 

Dr. Pry, I am going to skip North Korea for just a second. Be- 
cause of your past experience with Russian arms _ treaty 
verification, could you just touch on how difficult it is in Iran, as 
a closed society and a closed government, for our arms treaty folks 
and the IAEA to actually do inspections there? Then I have got a 
follow-up question about EMPs. But I would love to get your take 
on that. 

Mr. Pry. Iran has actually—practically told us that they are 
cheating on the Iran nuclear deal. There is a military textbook 
called Passive Defense that is, you know, a major textbook taught 
at their general staff academies, that describes, in admiring terms, 
Soviet successful cheating on arms control treaties during the Cold 
War, and how they manage to fool us in terms of the number of 
weapons, the quality of their weapons, and that this would be a 
good paradigm to follow for Iran. I mean, it is there in black and 
white. Congressman Trent Franks has a copy of the book. Unfortu- 
nately, it is not Unclassified. It should be Unclassified, but it is For 
Official Use Only, and so it can only be used by, you know, U.S. 
Government officials. 
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But in effect, they have told us in their military doctrine black 
and white, you know, that they plan to cheat on agreements in 
order to get nuclear weapons. 

In terms of the difficulty, I mean, I have written a number of ar- 
ticles on this. You know, at one of these military bases, there is a 
photograph that is actually available from Unclassified satellite im- 
agery that shows four high-energy power lines, each one carrying 
about 750,000 volts, going down underground into a facility. Some- 
thing is going on in one of those underground military facilities 
that require 

Mr. DUNCAN. These are at the military installation? 

Mr. Pry. Yes, that the IAEA has never looked at, that they don’t 
have an ability to investigate them. You know, that requires mil- 
lions of volts of electricity. You know, that could be running ura- 
nium centrifuges that they have that have not been declared that 
could be running, something like the Krasnoyarsk—26. You asked 
about our Cold War experience. For example, the Soviet Union had 
a whole nuclear reactor secretly hidden underground at a place 
called Krasnoyarsk—26 so that they could cheat on arms control 
treaties and make plutonium and uranium for nuclear weapons, 
and tritium as well, you know, and cheat on the treaties. 

Something that needs to be declassified is the—under President 
Reagan there was a thing called the General Advisory Committee 
Report on Arms Control Compliance 1959—I think it was 1983-84, 
up to that point, which the State Department has never allowed to 
be declassified. It goes through all of the major arms control trea- 
ties we had with the Soviet Union, demonstrate how they cheated 
on virtually every one. 

So we have a long history of the bad guys cheating on these trea- 
ties. At least half the problem is our unwillingness to acknowledge 
that, you know, because there are interests in this town that are 
very much in favor of not wanting to face the reality that arms con- 
trol doesn’t work. Just like there were people, oh, around Neville 
Chamberlain before World War II that didn’t want to acknowledge 
that the Nazis and the Japanese were cheating on the Washington 
Naval Treaty and other arms control agreements that existed be- 
fore World War II. 

Mr. DUNCAN. Thank you for that. 

Thank you, Mr. Chairman. 

Mr. PeRRy. The Chair thanks the gentleman and the witness for 
their indulgence. 

The Chair now recognizes the Ranking Member, Mr. Correa. 

Mr. CorrEA. Thank you, Mr. Chairman. 

Mr. Ruggiero, very quickly, you talked about some of the things 
we can do, failed policies. The question to you and some of the oth- 
ers, have we ever gone after the bank accounts of North Korean 
generals, business folks? I mean, you hit them at the pocketbook 
at an individual level, that would get a reaction. Have we ever at- 
tempted to do that? Have we done that? If you lose a couple of bil- 
lion dollars in a Swiss account, it may get your attention. 

Mr. RUGGIERO. Certainly, that would be useful. I think on leader- 
ship funds there is a question of where that money is. I think you 
made a good recommendation there in terms of countries in Europe 
that have—bank secrecy is the best way to look at it. 
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In 2005, the United States went after Banco Delta Asia in 
Macao, which was very successful. But since that time, more re- 
cently, we have started to go after North Koreans. The issue here 
is that in a lot of ways, this money is held in China, in Chinese 
banks, or in the name of Chinese companies, and that is why it is 
important now to go after Chinese companies 

Mr. CORREA. So we haven’t done—essentially, lack the tech- 
nology, the information, the knowledge, to figure out how to get 
that money? 

Mr. RUGGIERO. Well, I would say we are starting to do that now. 
Since May, the Trump administration has taken six actions against 
China. 

Mr. CorREA. If I may interrupt you. Nuke testing 11 years ago, 
rocket testing 20 years ago. If you figure, they are preparing for 
that even before that and it is just barely now that we are figuring 
this out. 

Mr. RUGGIERO. Certainly. 

Mr. CORREA. Very quickly, Dr. Pry, you talked about an EMP 
pulse not being theoretical, but essentially, a clear and present sit- 
uation. Why haven’t we reacted to it as a country? Is this a ques- 
tion of politics or is this a question of cost? If the answer is this 
is a threat here, we are going to go have to invest a lot of money 
to harden our systems. 

Mr. Pry. It isn’t chiefly a question of cost. You can actually pro- 
tect against EMP quite cost effectively. The EMP Commission esti- 
mated that for $2 billion, you know, we could protect the electric 
grid. You know, that is what we give away every year in foreign 
aid to Pakistan. 

I think it is a complex question as to why we haven't acted yet. 
Politics is mostly what it has to do with. 

The electric utilities in this country are not controlled by the 
Federal Government. You know, there are 3,000 independent utili- 
ties. No agency of the U.S. Government, including the U.S. Federal 
Energy Regulatory Commission, has the legisla-—has the author- 
ity, has the power to order them to protect the electric grid. They 
have spent vast amounts of money and huge effort lobbying against 
EMP, and not just EMP—— 

Mr. CorREA. But I would argue exactly that that is kind-of what 
we are going through with cybersecurity right now. 

Mr. PRY. Exactly, exactly. 

Mr. CORREA. Private sector, some folks want to step up, some 
folks don’t. Even the Federal Government, some folks—you know, 
agencies are there, some are not. 

Mr. Pry. The NERC has even opposed the tree branch threat. I 
mean, the great Northeast blackout of 2003 was caused when a 
tree branch hit a high-power voltage line in Ohio, and it put 50 
million Americans in the dark. FERC begged them to come up with 
a plan to avoid the tree branch threat in the future, because we 
can’t have 50 million Americans in the dark. It has taken them 10 
years to come up with a better, improved 

Mr. CorrEA. Thank you very much. 

Mr. PERRY. The Chair thanks the gentleman. 

The Chair now recognizes Mr. Higgins. 
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Mr. HicciIns. Mr. Chairman, in the interest of time, I defer my 
questions till we return. 

Mr. PERRY. Yes, sir. 

The Chair now recognizes Miss Rice. 

Miss Rick. Thank you, Mr. Chairman. 

This, I guess, is a question I would put to any of you on the 
panel. What effect would President Trump’s anticipated act to de- 
certify the Iran nuclear deal have on any potential diplomatic solu- 
tion to the North Korea issue? 

Mr. RUGGIERO. Well, I would just say that the North Koreans are 
not waiting by the phone to have a negotiated settlement. That 
would be the first. The second is that, from my perspective, it is 
the Iranians that are looking at North Korea and seeing their path- 
way to a nuclear weapon. 

The concern I have is that there are many people who are sug- 
gesting we should stay in the Iran deal, that are the same people 
that are saying we can accept the threat from North Korea right 
now and just deter them. I think that is the wrong message to 
Iran. I think that we have to, when we are looking at North Korea, 
we have to make sure that we underscore that our policy is 
denuclearization, so that the Iranians don’t see that, in 20 years, 
they have a path to a nuclear weapon. 

Mr. Pry. If I could make a comment on this. You know, we have, 
this summer, been surprised by the advancement of the missile and 
nuclear weapons threat from North Korea. I think the next big sur- 
prise that is going to face us is Iran, because we have grossly un- 
derestimated the Iranian nuclear threat. If we want to read care- 
fully the 2014 International Atomic Energy Agency report, while 
they did not come to the conclusion—the IAEA doesn’t draw these 
conclusions, but members are our commission and former members 
of the Clinton and Reagan administration intelligence communities 
looked at that report. There are indicators, technological indicators, 
that Iran already has the bomb, and that they may have had the 
bomb since before 2003. 

Before 2003, there were actually manufacturing bridge wire deto- 
nators, neutron initiators, and they had conducted an implosion ex- 
periment. In the Manhattan Project during World War II when the 
United States was at that technological phase, we were 3 months 
from getting the atomic bomb. Now, these were things they were 
doing before 2003. What is going on in those military facilities? 
Personally, I think they have already got the bomb, and that we 
are going to be surprised just like we have been about North 
Korea. 

Miss RIcE. Anyone else? 

Okay. Thank you. 

Mr. PERRY. The gentlelady yields. 

The Chairman recognizes Ms. Barragan. 

Ms. BARRAGAN. While I am looking for my questions, I just want 
to do a quick follow-up to that. I have read a lot of people who have 
opined on the Iran deal, and a lot of folks who did not support the 
deal are still coming out very publicly and saying, even though this 
is not the best deal, the manner in which the President wants to 
do it is not the way to do it, and that is a risk. 
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Does anybody have any thoughts on the manner in which it is 
being done? I will just leave it at that. 

Mr. Pry. I would like to volunteer my opinion on this. You know, 
I think the biggest risk is remaining in the deal. I see it in the 
press. I see it in the defenders of the Iran nuclear deal describing 
it that at least it has constrained the nuclear threat from Iran, that 
it has contained the nuclear threat from Iran. That is not a fact. 
There is no evidence that it is contained. Then there is plenty of 
evidence that it hasn’t contained the threat from Iran and that we 
have basically deluded ourselves in this deal into thinking that we 
have contained a threat that actually 

Ms. BARRAGAN. So I just want to respectfully—do you think the 
process in which the President is following is the right approach on 
this? Yes or no. 

Mr. Pry. I think anything that gets—yes. Anything that gets us 
out of that deal is going to be in interest of our survival. 

Ms. BARRAGAN. Thank you. 

Okay. So I want to go ahead and follow up on—just in the last 
10 days, between attacking the press and the First Amendment 
and blaming Puerto Ricans for the disaster caused by Hurricane 
Maria, the President tweeted the following in regards to North 
Korea: Our country has been unsuccessfully dealing with North 
Korea for 25 years, giving billions of dollars and getting nothing. 
Policy didn’t work. 

Next tweet: Presidents and their administrations have been talk- 
ing to North Korea for 25 years. Agreements made and massive 
amounts of money paid hasn’t worked. Agreements violated before 
the ink was dry. Making fools of U.S. negotiators. Sorry, but only 
one thing will work. 

The President’s next tweet: Just heard foreign minister of North 
Korea speak at U.N. If he echoes thoughts of little rocket man, 
they won’t be around much longer. 

Last: We can’t allow this dictatorship to threaten our Nation and 
our allies with unimaginable loss of life, he said at a meeting with 
top military officers. 

Finally: We will do what we must to prevent that from hap- 
pening, and it will be done if necessary, believe me. 

Mr. Greene, how would you characterize this administration’s 
North Korea strategy? What are the implications of the President’s 
diplomacy by tweet foreign policy, especially considering the rift be- 
tween the President and his Secretary of State, Rex Tillerson? 

Mr. GREENE. So unfortune—so I am the cyber expert here, and 
unfortunately, I am not qualified to opine on the merits or lack 
thereof a diplomatic approach. So I apologize, I am not capable of 
responding on that. 

Ms. BARRAGAN. Does anybody on the panel believe that the 
President’s diplomacy by tweeting is the proper way to go? That is 
a yes or no. 

Mr. PRY. Yes. 

Ms. BARRAGAN. Okay. Mr. Ruggiero. 

Mr. RUGGIERO. I think that is tougher to answer via yes, no. 
There is a lot in there in terms of North Korea policy. I think the 
President is right when he talks about diplomacy has not worked 
with North Korea. I think that—— 
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Ms. BARRAGAN. Don’t you think there is a threat of us getting 
into a nuclear war because the President may tweet something to 
set off the other side? 

Mr. RUGGIERO. Well, that was going to be my next point, which 
is, essentially, when you are talking about deterrence, it is impor- 
tant to telegraph to the other side what the consequence of an ac- 
tion will be. I think the United States and North Korea have done 
that, but on both sides it has gone too far. I think the evidence of 
miscalculation can happen. 

Ms. BARRAGAN. Thank you. I have one more question for Mr. 
Greene. 

Mr. PERRY. Can the gentlelady yield until we come back? We 
have got a minute to vote. I apologize, but I want to adjourn the 
committee at this time—recess—correction—the committee at this 
time. 

So a vote has been called on the House floor. The committee will 
recess until 10 minutes after the last vote. 

[Recess. ] 

Mr. PERRY. Thank you all for your indulgence and your patience. 
The Subcommittee on Oversight and Management Efficiency will 
come to order. So the Chair will now recognize himself for 5 min- 
utes of questioning. Just be apprised we are back to the 5-minute 
schedule since we don’t have votes impending. 

So let me see if I can get my head here in the game quickly. Mr. 
Cilluffo, 6,000 hackers employed in China and Southeast Asia. I 
want to talk to you about that a little bit and the indicators and 
the intelligence prep of the battlefield just to set your mind frame. 
So these hackers that are employed in China and Southeast Asia— 
and maybe I should also include Mr. Greene, because maybe this 
is some of this Lazarus—some of these Lazarus folks. I don’t know. 
But do we—obviously, it is a little tougher for us to track these 
people in China. Do we track them at all? If not China, Southeast 
Asia seems like it would be a more opportune intelligence target 
for us. Do we track them? Do the host countries where they are op- 
erating know that they are there such that we could impose a sanc- 
tion or some kind of financial penalty or some kind of penalty on 
pee DOs! country that is hosting these individuals? Is that a possi- 

ility? 

Mr. CILLUFFO. Mr. Chairman, I think that is an excellent ques- 
tion. 

To clarify, the 6,000 is not exclusively those operating overseas, 
but a vast majority or many of them actually do. But I do think 
you raise a great question here, and that is finding levers and 
points of leverage that we can have with other—including allies, by 
the way—where we can apply greater physical pressure in addition 
to cyber means. I mean, if you look at a photo, a satellite photo of 
the Koreas at night, I mean, South Korea is lit up like a Christmas 
tree; North Korea is dark. So there is very little connectivity there. 
So, obviously, when we look at some of our own capabilities and ca- 
pacities, retaliation in kind is going to have minimal effect and im- 
pact because they don’t have a whole lot to take down. So, when 
you start looking at these outposts that they do have, I think we 
do have opportunities to apply new means of pressure, and I do 
think that many of these countries are unwitting to some of these 
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operatives. So I think that that is a path that should be pursued, 
and we should light them up. 

Mr. PERRY. What about the indicators? When you say, you know, 
it is essentially IPB and that these are indicators, you talk about 
stand-alone, the broader campaign, and then indicators. For in- 
stance, keeping with Dr. Pry, if we are to be—and I think we 
should be—rightly concerned about EMP as a method—or any of 
the other things, but let’s stick with EMP—for example, would 
there be specific indicators in cyber that would clue us into im- 
pending testing, utilization, et cetera? 

Mr. CILLUFFO. You know, I think Dr. Pry rightfully framed the 
issue that, at the end of the day, it is not the modality; it is the 
question of whether or not they get into the game. If they get into 
the game, they will come in wholesale if they feel threatened. So 
I think that the indicators are significant in terms of potential tar- 
get selection. But I am not necessarily sure there would be any spe- 
cific to EMP, other than they are going after the grid pretty—so, 
if there is one critical infrastructure that every other critical infra- 
structure is dependent upon, all the life-line sectors, it is electric; 
it is the grid. They could come at that through cyber means or, ob- 
viously, catastrophically through EMP attacks. 

Mr. PERRY. I can see we are going to go to round two, so I am 
going to try and limit my comments here. But, Mr. Greene, I am 
going to get to you. So just hang on there a little bit, but I want 
to stay with Mr. Cilluffo just for continuity here. 

So you mentioned in your remarks the targeting of U.S. energy 
companies. Have they done that? Do we have the indicators that 
they have done—I mean, can we prove that at this point? That is 
known information to us? 

Mr. CILLUFFO. This is now known information, yes. There have 
been actual reports put out by the information sharing and anal- 
ysis centers for industrial control systems and for the energy sector 
in particular. There was a news report that just popped earlier this 
week specifically about a particular energy company that was 
breached. That is based on information that 

Mr. PERRY. It was breached by the North Koreans or we be- 
lieve 

Mr. CILLUFFO. Allegedly that is what the attempt is. So I think 
that one thing to notify, to keep in mind, in addition to IPB—where 
it could signal targets, it could signal intentions—it is also worth 
noting: If you can exploit, you can also attack. 

Mr. PERRY. Sure. 

Mr. CILLUFFO. In other words, if you are in the system—— 

Mr. PERRY. Right. 

Mr. CILLUFFO [continuing]. You are in the system. It all hinges 
around intentions, and if they have got a foothold in the system 
and their intention is to attack, they can also attack. 

Mr. PERRY. All right. I am going to yield, and at this time, I will 
recognize the gentleman from Louisiana, Mr. Higgins. 

Mr. HiacaIns. Thank you, Mr. Chairman. 

Dr. Pry, my questions will be addressed at you, sir. So that you 
can get your head wrapped around where I am going with this, I 
am specifically going to be asking about North Korea’s satellite pro- 
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gram and their so-called space program and the KMS-4 satellite 
launch in February of this year. 

I have read your entire testimony. It is fascinating, quite inform- 
ative. You refer to massive intelligence failures grossly underesti- 
mated North Korea’s long-range missile capabilities, the number of 
nuclear weapons, warhead miniaturization, the development of an 
H-bomb, et cetera. Do you stand by that statement, sir? 

Mr. Pry. Oh, absolutely, as does Dr. Graham, the chairman of 
our commission. 

Mr. HIGGINS. Moving on. In 2004, you stated that two Russian 
generals, both EMP experts, warned the EMP Commission that the 
design for Russia’s super EMP warhead, capable of generating 
high-intensity EMP fields, was transferred to North Korea. Not 
long after that, in 2006, North Korea nuclear tests indicated yields 
that were consistent with the size of a super EMP weapon. The 
timing and indicators of that illegal nuclear test were reflective of 
the warnings as stated by the two Russian experts. Is that correct? 

Mr. Pry. Yes, that is correct, sir. 

Mr. Hiccins. A super EMP weapon, according to your testimony, 
can be relatively small and lightweight and can fit inside North 
Korea’s KMS-3 or KMS-4 satellites. These two satellites—specifi- 
cally, I am referring to KMS-—4, because it was launched this 
year—presently orbit the United States and over every other na- 
tion on Earth through the southern polar trajectory. The south 
polar trajectory evades U.S. ballistic missile early warning radars 
and National missile defenses, which also resembles a Russian se- 
cret weapon developed during the Cold War similar to a super 
EMP weapon. Is that correct? 

Mr. Pry. Yes, that is correct. 

Mr. HIGGINS. Two experts cited in your testimony stated similar 
concerns, one confirming that current ballistic missile defense sys- 
tems are not arranged to defend against even a single ICBM or sat- 
ellite that approaches the United States from the south polar re- 
gion. Another expert stated that North Korea might use a satellite 
to carry a small nuclear warhead into orbit and then detonate it 
over the United States for an EMP strike. 

Now, considering the fact that it appears that North Korea has 
had access to a design for a super EMP warhead for over a decade 
now, according to the Russian experts that were accurate in their 
predictions of North Korean nuclear tests 2 years later and the in- 
dicators of that test, that would suggest that it was a detonation 
of a super EMP device, would you concur that it is possible or even 
probable that KMS—4 is currently super EMP-armed? 

Mr. Pry. We are very concerned about that. You know, we don’t 
know if they are nuclear armed or not, but we know Kim Jong-un 
is a high-risk player, and we think the threat is intolerable to pose 
an existential threat to our society that passes over the country 
several times a day and have recommended that the satellites be 
shot down over a broad ocean area, over the arctic region, so that, 
just in case they are salvage-fused for EMP, you know, they would 
go off over an area that would limit the damage to humanity. But, 
yes, we are very concerned about that. 

Mr. HIGGINS. Would you assess, sir, that the EMP threat is sig- 
nificant enough, that the existing EMP threat, specifically with re- 
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gards to KMS-4, would you assess that that threat is significant 
enough to warrant legislation out of this body, as suggested 
through this subcommittee, mandating the hardening of our grid 
and the shielding of our grid, as you mentioned earlier in your tes- 
timony? 

Mr. Pry. Well, absolutely. Sir, even before the North Koreans 
launched these satellites, back in 2008, that was the recommenda- 
tion of the EMP Commission because we feared exactly this kind 
of development. There are two satellites currently in orbit, one that 
was launched in 2012. They may launch them in the future. What 
they appear to be trying to do is create a constellation so that they 
will, in the near term, always have a satellite in close proximity 
to North America. You know, if we don’t act to defend ourselves 
and/or take out those satellites, you know, eventually, we will be 
in a situation where we can’t easily take the satellites out without 
the United States being at risk. 

Mr. HiacaIns. Thank you for your testimony. 

Mr. Chairman, thank you for indulging my time, and I yield 
back. 

Mr. PERRY. The Chairman thanks the gentleman, deviates from 
protocol and, in the interest of time, recognizes the Ranking Mem- 
ber, Mr. Correa, for the beginning of the second round. 

Mr. CoRREA. Thank you. 

Question, Mr. Greene, in terms of cyber—North Korean cyber at- 
tack motivation undermining the United States, what is the higher 
probability, them going after our critical infrastructure or stealing 
intellectual property from us? 

Mr. GREENE. So, with the Lazarus Group, which has been linked 
by the FBI to North Korea, it is hard to say because they have not 
shown any limitation to what they are willing to do. They have 
gone after critical infrastructure. They have gone after financial. 
They have gone after intellectual property. 

The recent report that Mr. Cilluffo was talking about is con- 
cerning because it shows this probing of the battlefield, initial ef- 
forts to try to get their way into electric systems. We had a re- 
port—not Lazarus, it was a different actor—just a couple of weeks 
ago about compromises of control systems at energy facilities. Pre- 
viously, we had seen this actor working on the back-end manage- 
ment systems. In the 2 years after that, they moved on to the con- 
trol systems. So there clearly is an effort. 

The group that was reported publicly this week has been con- 
sistent with the Lazarus Group. So to see them moving into the 
electric grid—and have public reporting on it—suggests to me a re- 
newed interest there, which is worrisome. Depending upon what 
outcome they want, you are going to get a better geopolitical out- 
come by going after the grid than you are by going after intellec- 
tual property. 

Mr. CorRREA. So, following up on that train of thought, if you go 
after Sony, if you go after bank accounts, you may be doing it out 
of a hotel room in Japan or maybe somewhere in China or, now, 
based on the fact that the Russian state-owned company 
TransTelekom is now working with North Korea, I mean, you can 
have those kinds of thefts directly and indirectly. They are kind- 
of a little vague in terms of who did it and where the smoking gun 
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is. But if you go after our power grid and you shut it down, that 
is a little more direct of an attack. I mean, that is kind-of a dec- 
laration here. 

Mr. GREENE. If you are trying to track back, technically, you are 
looking at who is doing it; it is going to be the same technical 
means to see where the attack is coming from. You rarely see the 
last hop to an attack actually come from the bad actor’s computer. 
They are going to compromise someone else’s computer. A lot of the 
attacks that happen in the United States that are based from over- 
seas, the attacking computer is actually in the United States, but 
it is compromised. It is a bot. So, from that standpoint, it could 
come from anywhere. 

Again, in terms of motivations, we have seen the Lazarus Group 
over the past couple years focus on financial gain. That temporally 
has coincided with when the sanctions have gotten worse. The 
ransomware WannaCry, there was some speculation as to whether 
they were really trying to get money out of WannaCry. There has 
been a fairly robust debate in the media circles that I spend my 
days in. But what we saw in WannaCry, it was originally miscoded 
to collect ransom. Within I believe it was 13 hours, they released 
a new version when they realized they weren’t collecting ransom. 
So that suggests to me that that actually was an effort to get 
money. Again, that coincides with the increased new sanctions. The 
same thing with the attacks on the Bangladesh banks, the Polish 
bank heists. There has been an uptick in the effort to get money. 
But, at the same time, that was soon after the Sony attack. 

So I guess what I am saying, perhaps unartfully, is that this 
group works on multiple different attacks, multiple different goals. 

Mr. CoRREA. Let me flip around the question and ask you: You 
have seen those coordinated attacks coming. Has our response 
world-wide been a coordinated defense just like it was when we got 
the ransomware just recently where most of the world kind-of re- 
acted very quickly? Do we have that kind of a coordinated response 
to North Korea? Are they part of that, you know, folks that we are 
looking at to make sure they don’t surprise us with these kinds of 
attacks? 

Mr. GREENE. So, with respect to their main actor, the Lazarus 
Group, yeah, there is pretty good coordination, public-private part- 
nership. The WannaCry response was probably the best public-pri- 
vate partnership I have ever seen. We were on the phone with 
DHS and the White House Friday night, throughout the weekend, 
connecting up our experts. They were sending us indicators of com- 
promise for analysis. We were sending them back. So there is a 
growing ability to coordinate in cyber response. It is kind-of like 
the snowball going down the hill. Over the past 3 to 

Mr. CoRREA. I would imagine the key to the coordinated cyber 
response is time. You have to do it almost instantly, within split 
seconds. 

Mr. GREENE. Yeah. So, when I first heard reports of WannaCry, 
I confirmed with our experts that this was real. I shot out a couple 
emails to the White House, to DHS, and I got almost immediate 
responses. We had experts talking and exchanging in a matter of 
minutes. That was very strong. 
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The concern I would have is that still is somewhat relationship- 
based. We need to have that happening not because these are folks 
that I know or they know me; there has to be something more 
structured in place. 

Mr. CorrEA. Thank you, Mr. Chair. 

Mr. PERRY. The Chair thanks the gentleman. 

I am going to start the second round, which looks like it is going 
to be me. Are you leaving? You gotta go? 

Mr. CoRREA. No comment. 

Mr. Perry. Okay. All right. So it will just be us. We will have 
a good time together. 

Let me just start with Mr. Cilluffo and kind-of finish where we 
were headed there. The targeting of the United States energy com- 
panies and indicators, do you know whether we are—we, the Fed- 
eral Government, Homeland Security, and related agencies—are 
aware of the indicators and are monitoring the indicators devel- 
oping that intelligence, so to speak? 

Mr. CILLUFFO. You know, in general terms, Mr. Chairman, they 
are. We recently—the Federal Government recently stood up 
CTIIC, the Cyber Threat Integration and Intelligence Center, un- 
derneath the Office of the Director of National Intelligence, which 
is meant to provide the situational awareness of all the overseas 
intelligence we may have and kludging that and combining that 
with what we may have domestically. 

Mr. PERRY. Who is collecting domestically? 

Mr. CILLUFFO. So FBI would have different indicators, but the 
private sector, they are the owners and operators. They are the 
ones who have got better insights into their own critical infrastruc- 
tures, into their data, and into particular breaches. So it really is— 
we talk public-private partnerships. I have been a little critical, 
saying “long on nouns, short on verbs.” We have been talking about 
it forever, admiring the problem. But we are starting to see some 
genuine solution sets there. I think this gets to the bigger set of 
questions. I mean, at the end of the day, the private sector is on 
the front lines of this battle. Very few companies went into busi- 
ness thinking they have to defend themselves against foreign mili- 
taries or foreign intelligence services. It is an unlevel playing field. 
So how can the Federal Government provide information, but at 
the flip side, the private sector provides some of those solution sets 
too. So it is in where the two come together that the magic is. 

Mr. PERRY. Do you have recommendations in that regard regard- 
ing a governmental—for the homeland, in particular, under- 
standing that the intelligence services, and maybe DOD is handling 
foreign threats. But for threats in the homeland, I am a little un- 
comfortable, quite honestly, feel like we are laid a little bare there 
just counting on the private sector, which, with all due respect, 
they are focused on their business and trying to make a living, 
right? 

Mr. CILLUFFO. Absolutely. 

Mr. PERRY. So this isn’t supposed to be their primary focus, but 
it seems like it should be one of ours. 

Mr. CILLUFFO. You know, and I think you should have a specific 
tiger team set up to deal with the North Korean threat in par- 
ticular, because we talk about cyber and cyber deterrence—you 


51 


don’t deter cyber. You deter actors from engaging in certain activ- 
ity, whether nuclear, cyber, or otherwise. So I do think there is an 
opportunity to build a team here specifically. 

Mr. PERRY. There is nothing currently that you know of? 

Mr. CILLUFFO. I may be unaware. Hopefully, there is some activ- 
ity inside the Federal Government. But is it as whole and whole- 
some as it needs to be? Probably not. 

Mr. PERRY. Okay. Fair enough. 

All right. Mr.—am I saying—is part of your name—I noticed Mr. 
Correa kind of kept some of it silent. Please tell me how you pro- 
nounce your name. I want to get it right. 

Mr. RUGGIERO. Sure. Ruggiero. 

Mr. PERRY. Ruggiero. Okay. Thank you. 

All right. So you talked about the Department must be pub- 
lishing a vessel list regarding North Korea—saying we think they 
have 40, but you are saying it is up to 140. It seems to me a bit 
odd. So it might be out of place. You can walk me through it. Is 
this the Department of Homeland’s responsibility? Should it be 
their responsibility? Under what kind of authority, I guess? 

Then I want to talk to you about this 180-day grace period re- 
garding sanctions to get the list. So I am not sure I understand 
that fully. So if you can elaborate us on those two things. 

Mr. RUGGIERO. Sure. In the sanctions law that was signed by the 
President, I believe in August, there are some authorities for the 
Department of Homeland Security probably would have to work 
with the Treasury Department in terms of vessel lists. The issue 
with North Korea now is it is easy to identify vessels that have the 
North Korea flag or the ones that visit North Korea. But they are 
very good at deceptive practices in the commercial and financial 
sphere where they use Chinese and Hong Kong and other front 
companies. We believe that that is some of what they are doing in 
the shipping sector, which makes it harder. 

Mr. PERRY. Okay. 

Mr. RUGGIERO. So that is where that delta comes from. That is 
why we use the phrase “at least.” There are other lists that are 
much higher than that. So, I think, you know, this is an area—my 
experience comes also on the Iran side, where we targeted Iran’s 
shipping sector, and it was very successful. That is an area now 
that we are not doing enough on North Korea, and I think Home- 
land Security could help with that. They have some authorities 
that could be used. 

I think Treasury Department, State Department—and the point 
on the tiger team, we don’t see that and the U.S. Government sort- 
of going at sanctions in this way. So I think there is some focus 
on it, but we need to have more. 

Mr. Perry. Okay. The 180 days, there is a prohibition or restric- 
tion regarding the sanctions regime? 

Mr. RUGGIERO. That is the requirement when the Department of 
Homeland Security has to make some of these judgments in the 
law. So the point I was making is you can do it earlier than 180 
days. 

Mr. PERRY. Okay. Do we know—and keeping with you, sir, you 
mentioned in your testimony the sale of nuclear materials. I don’t 
know if we are talking about equipment, et cetera, and also chem- 
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ical. Do you have any examples of those that we need to be aware 
of that we are maybe not aware of at least on the committee? 

Mr. RUGGIERO. Well, in terms of nuclear, the biggest case was in 
2007 when Israel destroyed a nuclear reactor in Syria. There has 
been, you know, rumors that North Korea exchanged nuclear mate- 
rial with Libya in that same time frame. 

On the chemical weapons side, I detail briefly in my testimony 
about the Syria connections, which are not linked to the more re- 
cent ones. But, you know, talking about chemical weapons, suits, 
and other items. I mean, these are relationships that are very 
strong between Syria and North Korea. 

Mr. PERRY. So, at least there is a documented history, maybe it 
is not updated or maybe it is not current from a known fact stand- 
point, but that might just be because we don’t know yet, we haven’t 
found out? 

Mr. RUGGIERO. My experience is, you know, as I said, North 
Korea will sell anything to anyone who is willing to pay. 

Mr. PERRY. Sure. 

Mr. RUGGIERO. You know, there was a time where we thought 
that nuclear was a line they were not willing to cross, and they 
proved that they are willing to do that. 

Mr. PERRY. Okay. Excuse me just for one moment. 

Mr. Terrell, I know you have been—you are almost exhausted 
with your participation here. Blister and nerve agents, and I think 
the world—at least I do—fundamentally believes that VX was used 
on Kim Jong-un’s half-brother in Malaysia. You know, I have got 
a little bit of military experience as well. My chief of staff is a 
chemical officer. With that, those eventualities were very con- 
cerning to anybody that has any idea what they are seeing there. 

Maybe the nerve—first, let me ask you this. I don’t know what 
your background is. But I want to just get for the record, and I'd 
like to hear from you folks. Conventional artillery—conventional— 
so I think we have assessed that the North Koreans have as many 
as 10,000 conventional tubes pointed at the 25 million people living 
in Seoul, 60-plus or -minus miles away, right? Nerve and blister 
agents or chemical agents are deliverable by conventional artillery, 
are they not? 

Mr. TERRELL. Yes, sir. They are deliverable by conventional artil- 
lery, rockets, and short-range ballistic missiles. 

Mr. PERRY. Sure. Do you know and can you comment on whether 
conventional artillery, rockets, missiles, et cetera, all require elec- 
tronics or electricity to operate? 

Mr. TERRELL. Not all of their tube artillery would. 

Mr. PERRY. Right. So that is just pulling the lanyard, right—— 
Mr. TERRELL. Pulling the lanyard. 

ae PERRY [continuing]. Downrange. Right. So that is a concern 
there. 

They have sufficient stockpiles, according to your testimony, or 
at least what I read. You didn’t dispute. 

Mr. TERRELL. South Korean ROK Minister of National Defense 
estimates between 2,500 and 5,000 metric tons. 

Mr. Perry. Right. Right. So that is certainly enough for a first 
round exchange, right? 

Mr. TERRELL. Right. 
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Mr. PERRY. What about deliverable for a long distance? You have 
mentioned rocket or ballistic missiles. So this is literally some- 
thing—let’s just take VX. Deliverable by a ballistic missile over a 
large population or a large area? 

Mr. TERRELL. So they could deliver VX or mustard blister agent 
by scuds. You know, most likely targets for those would be places 
like Busan—— 

Mr. PERRY. Right. 

Mr. TERRELL [continuing]. Looking at stopping force flow into the 
theater. 

Mr. PERRY. But we are not talking about—so, in your opinion, we 
are not talking about those being used against 
Mr. TERRELL [continuing]. By ICBM, no. 
Mr. Perry. Yeah. Not United States or United States territories, 
at least from that delivery system, right? If they chose to package 
that up, put it on a ship, put it on a plane, somehow deliver it to 
the West, and use some other methodology—as you know, VX is in- 
credibly pervasive; it only takes a little bit to go a long way—they 
could use that if they so desired in some kind of attack—— 

Mr. TERRELL. Yes. 

Mr. PERRY [continuing]. In the homeland or somewhere, one of 
our territories or one of our significant allies, right? 

Mr. TERRELL. Correct. Yes. 

Mr. PERRY. Okay. Mr. Greene, back to this Lazarus Group. Do 
you know how they were identified? Do we track them? How do we 
know—do they identify themselves? Do they claim responsibility 
for certain things? What is the story on these folks? 

Mr. GREENE. So they don’t claim responsibility. What we do is 
we see hundreds of attacks, thousands of attacks every day, and we 
classify them. We analyze them and are able to compare snippets 
of code, the techniques, code obfuscation, IP addresses, different 
techniques. We are able to group certain attacks. So, based on that, 
the first grouping that I am aware of is 2009; they were reported 
as being behind some denial-of-service attacks. 

So, moving forward from that, what we see is code reuse or other 

techniques and other tools that are reused that are 
Mr. PERRY. That is how you identify them—— 
Mr. GREENE. Correct. Yeah. 
Mr. PERRY. Do they call themselves the Lazarus Group, or is that 
our common terminology to describe 
Mr. GREENE. That is our name. There are other names for the 
same group. But, for us, it is a large group that encompasses vir- 
tually all of the activity that has been attributed to North Korea. 
Mr. PERRY. Okay. Because you are attributing those actions to 
different techniques and the markers that you have already dis- 
cussed, we don’t know them by name, individual persons, or loca- 
tions, or can we glean that at some point from the work that they 
are doing? 

Mr. GREENE. It is getting harder. Oftentimes, you can determine 
back to a location. We can often find with some high level of con- 
fidence a city or even a time zone where something is coming from. 
But that is through a variety of means. Sometimes we can tell— 
you know, they leave timestamps when they compile a code. They 
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work 9 to 5. A certain time zone, they take certain holidays off. 
They have gotten better at hiding that. 

What we as a technology company have a hard time doing is say- 
ing, who is sitting behind that computer? We may know that they 
are in a particular, you know, Eastern European country, but what 
you see is an overlap between sometimes you will have criminals 
working; sometimes criminals will work for the government; some- 
times government workers will moonlight as criminals at night; 
sometimes you will have these so-called hacktivist groups that will 
work for the government or be duped into doing it. So we leave 
that to the intelligence community, that last mile, so to speak, of 
attribution of the intent. From a technical standpoint, not some- 
thing we can peer into. 

Mr. PERRY. Are these countries typically—these are probably 
countries—I don’t know. Are they typically countries that are not 
necessarily openly hostile to the United States but not necessarily 
welcoming as allies in the fight against terrorism or otherwise? 
Can you characterize that either way? 

Mr. GREENE. With the Lazarus Group, I would have to go back. 
I can get back to you. I am not sure how well we have defined the 
actual origination point of the attacks or the code. We are grouping 
them—we are relying, as I said, on the U.S. Government to tell us 
that this is a North Korean actor. What we can tell with a high 
level of certainty is that a certain set of attacks are the same. So, 
for instance, when WannaCry came out, we knew that it was—rel- 
atively quickly, had a high level of confidence that this was Laz- 
arus. We didn’t know through telemetry that it necessarily came 
from North Korea. But we knew that this was the same actors for 
a bunch of different reasons. That became more certain over time. 
So I don’t know—and I could get back to you—that we can tell you 
specifically—actually, I am quite confident Lazarus—no one really 
knows who patient one was with the bad outbreak of Lazarus. That 
hadn’t been resolved yet or even what the initial entry point was. 
But that is one that, as I said, spread autonomously on its own 
once it got launched. 

Mr. PERRY. You are a private entity, and you report your find- 
ings and, I imagine, work with the Federal Government and var- 
ious agencies, whether it is intelligence agencies or otherwise, re- 
garding your findings, but you don’t really know whether they go 
the last mile or not, or do they ever report that to you? Do you ever 
get any feedback regarding your inputs to know that they were 
ever resolved? Or how does that work? 

Mr. GREENE. Split that in two. With respect to attribution to a 
nation-state, very rarely I can even think of where we didn’t find 
out by picking up the paper—archaic—looking on-line and seeing 
that the Government has now attributed X to Y country. 

We do get feedback on the quality of the work we do and the as- 
sistance we have provided. Again, going back to WannaCry, be- 
cause it is fresh in my mind, we got a lot of quick feedback from 
the Government saying, okay, this was helpful, what do you think 
about that. That was United Kingdom also. We work with other 
countries as well. So we have a give-and-take on a technical level. 
But when it comes to—and we were sharing our thoughts on where 
we thought this was coming from in terms of a connection to Laz- 
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arus. But we didn’t get a, “You are right; we agree with you on 
that.” We just pass that part along. 

Mr. PERRY. You don’t know whether Treasury or any other Fed- 
eral Government agency has pursued these individuals for prosecu- 
tion or the host countries for notification/apprehension or inves- 
tigate—you don’t know any of that, do you? 

Mr. GREENE. Not with Lazarus. I know in other groups they have 
indicted Chinese hackers, Iranian hackers, extradited some from— 
I believe Ukraine, maybe Bulgaria. We know of some actions, and 
we assist in some law enforcement actions. But with respect to 
Lazarus, don’t know of anything. 

Mr. PERRY. Okay. We might ask you to comment further off the 
record in an effort to determine what can be done from your view- 
point. It is one thing to identify them. Right? But there is—in my 
mind, there is really—I mean, obviously there is a reason to iden- 
tify them. But if you skip the next series of steps where you go get 
them or deter them through the host country that may even not— 
they might be victims, as well, right? But if we know and we don’t 
take the next steps, I mean, that is pretty foolhardy. We have 
spent the energy, and the time, and the money, and then we are 
moving on to the next threat, right, which is coming momentarily. 

Mr. GREENE. From our perspective as a company, looking to pro- 
tect ourselves, our customers, we are more focused on the how than 
the who. The who sometimes informs defense. 

There is one thing that you might find interesting: There was a 
group of security companies that got together a couple years ago 
for something we called Operation Blockbuster, which was a joint 
effort to go after Lazarus, to try to degrade their efforts, sharing 
a lot of telemetry across different companies. So that is the kind 
of thing going to what Mr. Cilluffo was talking about. You see a 
lot of security companies. We are competitors, but we also are all 
working towards the same end. That was, to some degree, a suc- 
cess. It is the proverbial marathon, not the sprint, though. 

Mr. PERRY. Sure. While you might be looking more at method- 
ology than the—the what as opposed to the who—I think the Fed- 
eral Government has to be looking at both. 

Mr. GREENE. Sure. 

Mr. PERRY [continuing]. We are glad that you are looking at 
the—and your expertise might be in the what. But we have to, I 
think, be interested in the who. You can’t be, right? You are not 
a law enforcement agency —— 

Mr. GREENE. Right. 

Mr. PERRY [continuing]. But the Federal Government is. 

Okay. Thank you. 

Dr. Pry, why did I write “Louisiana projects” on my notepad? 

Mr. Pry. Oh, probably because that is a project that the EMP 
Commission launched in cooperation with the Department of 
Homeland Security to develop a plan to protect the Louisiana elec- 
tric grid. We don’t know if it is going to survive the death of the 
EMP Commission. But, you know, our argument has been that we 
don’t have to keep studying the problem for years and years, that 
we know how to protect the grid now. We can do it now. We can 
do it in a cost-effective way. 
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The people of Louisiana, actually, they are the ones that took the 
initiative through their Louisiana Public Service Commission to 
ask Secretary Kelly, who was then the Secretary of Homeland Se- 
curity, under SEPA, to help them come up with a plan to protect 
the Louisiana electric grid. DHS is currently doing that. It has al- 
ready done some good work. But what we want to end up with is 
a detailed blueprint that they could actually implement, in a cost- 
effective way, that will to prove to those who disagree with the 
EMP Commission that we can do the job now, we can do it with 
the current technology, and it can be done cost-effectively. 

Mr. PERRY. We don’t have the detailed blueprint at this time? 

Mr. PRY. No, not yet. It is just the 

Mr. PERRY. What is it going to take to complete it? 

Mr. Pry. It is going to take some time, for one thing. Right now, 
the people who would normally be working on the plan are helping 
out in Puerto Rico right now. So that delayed it. Okay? But it will 
take—once they are over that and they can focus on this plan, it 
will take 3 to 4 months. They are willing—DHS has been putting 
$300k into it. It would have been good to have another $170,000. 
The EMP Commission was going to kick that in, but now we are 
out of business. So we weren’t able to do that. But so for less 
than—it can probably be done for the $300k. 

Mr. PERRY. So you said it is a matter of months, understanding 
and agreeing that we get past the situation, the disaster, in Puerto 
Rico, and getting those folks back in power, et cetera. So it is a 
matter of months there, and less than $200,000 or something like 
that. Why is the EMP Commission out of business? 

Mr. Pry. Well, we were scheduled legislatively—that is a good 
question and a complicated one. But under our charter—commis- 
sions typically last about 18 months. All right? So we reached the 
end of our life, and nobody asked the Commission to be extended. 
The Department of Defense didn’t. The Department of Homeland 
Security didn’t. You know? 

Mr. PERRY. Does that take legislative action, sir, as far as you 
know? Or is that something that can be done from a regulatory 
side? 

Mr. Pry. It would take legislative action to continue the EMP 
Commission, or it could be done by a Chairman of a committee. For 
example, Chairman Johnson, you know, has got the power, as the 
Chairman of the committee, to basically continue or establish a 
commission. Now, he wouldn’t be able to pay for it on his own. He 
would have to have the cooperation of the Chairman of the Senate 
Appropriations Committee if it was to be funded. However, I can 
tell you the EMP Commissioners have been working for 17 years 
pro bono. Commissioners do not get paid. I haven’t been mostly 
paid. So we are used to working for nothing. 

Mr. PERRY. Okay. 

I, like Mr. Higgins, am concerned—I didn’t realize Ms. Jackson 
Lee is here. So I am going to suspend my questions. But I am going 
to come back to you, Dr. Pry. But I am going to recognize Ms. Jack- 
son Lee for her questions. 

Ms. JACKSON LEE. Mr. Chairman, thank you very much. To the 
witnesses, thank you for yielding to me. 


57 


This is a very important discussion. I wish I could spend the 
time that the Chairman has now spent. But I know that we will 
have a very extensive record. I appreciate you for that. 

Let me just go directly to Mr. Greene and pursue recent reports 
about North Korea’s capacity for attacking the grid. We under- 
stand, those of us who have been on this committee—I have 
chaired the Transportation and Infrastructure Committee. I am on 
Cybersecurity. So I have seen all of the nuances of homeland secu- 
rity and National security, and we now have a new hurdle. I think 
one of the most difficult and challenging parts of the hurdle is that 
85 percent-plus of our critical infrastructure is in the hands of the 
private sector. So what capacity does North Korea have in the at- 
tack on the critical infrastructure? What would be their inclina- 
tion? I would suspect that they would say, “Let me drop my other 
options, and this looks like this is either more fun or more dev- 
astating or far-reaching impact,” or “I can readily see how the im- 
pact is.” What is your assessment on that? What is your assess- 
ment on our protection against it? What is your assessment on our 
steps to address something like that? 

Mr. GREENE. So I would say the reports that came out in the 
past week have been about really the first steps of an operation to 
implicate the grid. The reports that I saw were by the group that 
we call Lazarus, spear-phishing emails, attempts to get a bridge- 
head on control systems—I am sorry, just any systems at these en- 
ergy facilities. Most of the reports have said they have been unsuc- 
cessful. But, you know, cyber can be like seeing one bug in your 
house. Where there is one, there is usually a lot that you can’t see. 
So that suggests to me that there is a lot of other activity going 
on 


Cyber is one of those things where you really are subject to the 
weakest-link theory. Eventually, they are going to find a way onto 
some system. That goes, also, to your question about the prepara- 
tion of the grid generally. There are a lot of companies that have 
taken significant steps in recent years. NERC did take a very long 
time to get some regulations out, but they are being followed. But 
the problem is you do have the over 3,000 different utilities that 
Dr. Pry mentioned, and you don’t need to compromise the biggest 
to have some kind of impact. 

In terms of whether they are there yet, I haven’t seen any evi- 
dence to suggest that they have actually gotten onto the control 
systems. We have seen that with other different actors but not yet 
with Lazarus. Doesn’t mean they are not trying. Now, one thing 
that may be in our favor is 6,000 sounds like a big number of cyber 
warriors, so to speak, but it is not as big as some other countries. 
Control system knowledge, the ability to compromise control sys- 
tems is fairly specialized. I don’t know yea or nay whether they 
have that, very well could be trying to develop that. But there are 
a lot of hurdles they have to go through. But, as with the progress 
we have seen with nuclear and elsewhere, it is not going to stop 
them from trying. So I hope I answered the breadth of your ques- 
tions. 

Ms. JACKSON LEE. Do you think we are a year away, months 
away, years away, in terms of their capacity to hack a very, very 
vital network here in the United States? We are sophisticated. We 
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are dependent on technology. Our power grid is in varying states 
of repair or disrepair, and our technology is questionable in light 
of the private-sector ownership as to whether the sufficient fire- 
walls are there. You mentioned the concept of breaching some- 
one’s—I call the technological wall and that there is that kind of 
activity going on. 

So where do we need to be in terms of the government? I believe 
we should not be in a voluntary mode of getting the private sector 
to be required to document that their systems are secure. We don’t 
have a requirement of secure documentation. To take down our 
grid is weaponry. So how far away are they from that? 

Mr. GREENE. So I don’t know the specifics of their capabilities, 
but I can draw an analogy to this group, Dragonfly Group, ex- 
tremely sophisticated. We saw them take about 2 years to go from 
management systems, back-end systems, to control systems. We de- 
tected them on those systems earlier this year. So, depending upon 
their level of expertise, it could take them—it also depends upon, 
to some degree, on luck, if they find the right vulnerable system 
and the right human frailty, they could get on sooner. There is a 
level of understanding that it would take. Just being on the system 
wouldn’t be enough. You have to have a certain level of knowledge 
of the energy grid generally. 

But one thing that we have seen Lazarus to be quite good at is 
that the reconnaissance element of the operation. So I suspect what 
we saw reported earlier this week is the proverbial tip of the ice- 
berg of the efforts that have been going on. 

Ms. JACKSON LEE. So you believe there is a will and they are 
making a way, meaning that they would be interested in doing 
this, this would be one of the elements that they would find attrac- 
tive in terms of attack on the United States or any other country 
that they are at odds with? 

Mr. GREENE. I think they are not alone in that. There are other 
major—likely nation-state actors looking to get on the—a beach- 
head onto the systems. The question becomes, at that point—we 
talked about it—would be intent and the understanding of the im- 
plications of doing it. 

With respect to Dragonfly, we have reported that there are no 
technical limitations left for them to be able to cause impact, sig- 
nificant impact, to energy operators. The bridge they would have 
to cross is a willingness to do it, understanding the implications to 
themselves and their own economies and potential retaliation 
Ms. JACKSON LEE. Do you think Russia would have any collabo- 
ration on this since they were engaged in power attacks in 
Ukraine? 

Mr. GREENE. I just don’t have any knowledge on that. I am sorry. 
Mr. Chairman, would you yield me a few more minutes? I appre- 
ciate it. 

Mr. PERRY. Madam. 

Ms. JACKSON LEE. Thank you. 

I see a head going on Dr. Cilluffo. Do I have it almost right? 

Mr. CILLUFFO. Close enough. I have been called much worse. 

Ms. JACKSON LEE. It is hard to read it from this distance. 

But this is something that I think I am beginning to believe that 
there are some elements of business choices and the respect we 
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have for the capitalistic system that requires our very keen study. 
One of them is the infrastructure of cyber that is in the private sec- 
tor and what firewalls that have an overwhelming impact. So I 
yield to you, and I want to go to Mr. Terrell. So I don’t want to 
lose my—on another matter, Mr. Terrell. 

Yes. 

Mr. CILLUFFO. Ms. Jackson Lee, I mean, thank you for the ques- 
tion. I think you raise an important point here. First, not all crit- 
ical infrastructure is equally critical. When you get to the most 
critical, those that affect our so-called lifeline sectors, that affect 
public safety, National security, and economic security, the grid is 
at the top of the list. I don’t care how robust everything else is, if 
you don’t have power, it is kind of futile. 

Ms. JACKSON LEE. There you are. 

Mr. CILLUFFO. So, yes, they are a unique set of entities. 

On the Russia side, what they demonstrated both in 2015 and 
2016, a Rubicon was crossed in that case. So we all thought, 
coulda, shoulda, woulda, that these were potential threats. But in 
this case, they actually intended to signal a capability. Because 
they followed up the disruptive attacks with a digital telephony de- 
nial-of-service attack, basically an in-your-face “ha ha, we got ya” 
response to the first attack. 

The reason I jumped into this fray was because, obviously, North 
Korea is dependent upon China for much of its support and the 
like. But you are slowly starting to see Russia fill that breach. In 
fact, it was a Russian company that just moved in to provide inter- 
net access service to North Korea—since the Chinese capabilities 
have been minimized—to have back-end capability. So I do think 
you have got a bigger set of issues here. There is quite a bit of 
chatter that Russia has been supporting and working—whether the 
State, or whether through its proxies, organized crime, hard to dis- 
cern who is behind that clickety-clack of the keyboard. But there 
is a lot of interest there. 

This comes to a point, Mr. Chairman, you brought up earlier. 
One of the most vexing challenges is that you are—there are digital 
safe havens. A vast majority of these bad actors are playing in 
China and Russia. We lack extradition treaties with both of those 
countries. The reality is, is we have to get more and more creative 
to be able to extradite them when they go to countries that the 
United States does have a cooperative relationship. 

So this issue, as complex it is vis-a-vis North Korea, the cyber 
issue also has to be seen—it can’t be seen in isolation of all of these 
other matters, because it really is about the safe havens. Russia 
and China are there, and I think Russia is filling the breach that 
China has been abrogating in North Korea. 

Ms. JACKSON LEE. He is giving me—I am not going to look in his 
direction because his gavel might be moving. So I am going to take 
his kindness. I am very glad he had this hearing. 

I think you should give us, maybe in writing, our marching or- 
ders. Don’t think that I am asking you to be presumptuous. So you 
said safe havens. I would like to get maybe five points for the 
record. If you have five points that you can say quickly without ex- 
planation, the safe havens. You know, I am concerned about the 
vastness of the private sector in these critical areas that you have 
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talked about. The firewall that we have, you know, it is in the pri- 
vate sector. We have voluntary—and if you call us, we can come. 
What more can we do that strengthens their protection, if, in fact, 
their own internal systems are not where they need to be? Because 
this is National security issues when another country hacks XYZ 
Corporation that is dealing with the power grid or dealing with the 
hospitals or dealing with research. It is very important. 

Mr. CILLUFFO. Is that a QFR? Is that question for me to follow 
up on? Or are you looking for? 

Ms. JACKSON LEE. Well, give me one because I am going to go 
to Professor— 

Mr. CILLUFFO. Well, I—so this is not to the punt the issue—— 

Ms. JACKSON LEE. Give me 

Mr. CILLUFFO [continuing]. But, quite honestly, I don’t think we 
are ever going to firewall our way out of this problem. By that I 
mean the initiative remains with the attacker. So, if you think of 
it in the traditional red-blue military kind of environment, we have 
to shape the environment so it is in our best interest to—so that 
is not to abrogate all the cybersecurity responsibilities, but the ini- 
tiative will always be with the attacker. The attack surface is grow- 
ing exponentially. Every day, the attack surface grows, and secu- 
rity still tends to be an afterthought. When we start thinking of the 
internet of things and the network devices that are coming on 
board, we are never going to simply be able to firewall our way out 
of this problem. 

I actually feel the private sector has been given an unfair—they 
are defending against nation-states. So we have to level that play- 
ing field. Without going into a totally different direction, I think we 
need to be a little more proactive in shaping the environment so 
it is in our best interests. 

Ms. JACKSON LEE. Thank you. This needs to be pursued along 
other lines. I have probably a different view. But let me just—but 
I thank you for that view. The safe havens is something that we 
need to ascertain. 

Mr. Terrell, I want to get to the question of North Korea’s danger 
to the homeland. Maybe get you to—first of all, let me say that I 
am a proponent of the non-nuclear agreement with Iran. You might 
offer to comment on the idea of—first of all, that doesn’t mean that 
you do not look at the compliance and other elements that may 
need to be of concern. That is not a blanket. That is a vigilant on 
the other elements of Iran’s terrorism, propping up Assad, and 
other things. But when you look to the agreement, you have to look 
to the four corners of it, whether or not there is compliance, wheth- 
er there is access. All of those, at this point, have not been negated. 

But I think the point that I want to raise is, if you can ascer- 
tain—if you said it, please forgive me, but I would like to hear it— 
where North Korea is right now in their capacity. I don’t want the 
news articles, they can get to Alaska, they can get here, wherever 
their head of government chooses to say on any given day. But 
your ascertaining his—where he is, where the country is, and the 
likelihood of his efforts, if you will, that would be helpful. 

Mr. TERRELL. Yes, ma’am. You know, with respect to the dif- 
ference between Iran and North Korea, just very quickly, we have 
to deal with every country and every threat in the unique situation 
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that that threat exists in. So, you know, Iran doesn’t match per- 
fectly to North Korea. North Korea doesn’t match perfectly to Rus- 
sia. So, you know, approaching each one tailored to that threat is 
important. 

So where North Korea sits with their willingness and ability to 
attack the homeland today using nuclear or chemical weapons, you 
know, the nuclear program, he has an ability to employ nuclear 
weapons today. It is a matter of where can he employ them and 
when and why would he employ them. So, in understanding North 
Korean rationale, they are an extremely rational actor from their 
perspective. They do things that are in their national interests, in 
solidifying his security as the head of state, in solidifying his secu- 
rity within the region. 

This is—he has a population surrounding him that almost no- 
body remembers a time when the Kim family was not in charge. 
For 67 years, they have all been told everything that is wrong in 
North Korea is the Americans’ fault. 

Ms. JACKSON LEE. Uh-huh. 

Mr. TERRELL. So, when pushed into a corner, he will have rea- 
son, from his perspective, he can create a rationality to attack, if 
he feels he needs to. He is going to try to deter us because he still 
has two operational regional objectives to try to accomplish. The 
family has always said unification of the Korean Peninsula is im- 
portant. So can he do that in such a way where he can keep the 
United States from not supporting the Republic of Korea and not 
supporting Japan and keep Japan out of a war? Can he do this ei- 
ther—or, if he can’t reunify initially, can he reach an actual peace 
treaty on the peninsula that solidifies his position? Because in so- 
lidifying his position with just a peace treaty, he can say, “I have 
finished what my grandfather started,” and he sets himself up for 
long-term control in North Korea, which is why the—a global cam- 
paign pressure or pressure campaign that cuts off funding from the 
outside, cuts out support, weakens that position. 

So the challenge becomes, you know, can he attack us? Yes. Can 
he attack us effectively yet? He is almost there. 

The North Koreans have also demonstrated they are not nearly 
as interested in the actual precision that we may be interested in. 
If he can attack Seattle, does he care if he can attack directly at 
and hit directly on top of the Space Needle? No. But if he can hit 
Seattle, he can hit Seattle. If he can hit the United States, he can 
hit the United States. So his threshold of use may be lower than 
ours. His threshold of accuracy will be lower than ours. 

So, you know, we may not be there tonight. We may be there 
next week, or we may be there next month. But we are at the point 
where he is going to have the ability to attack the United States 
and with an intent of killing Americans. You know, just hurting us 
a little bit isn’t as important to him as it is killing us. In North 
Korea, they remember the U.S. bombing campaign during the Ko- 
rean war was, if there is two bricks stacked on top of each other, 
the United States is going to destroy those two bricks. They are 
going to want to inflict as much damage as they possibly can if 
they attack. 

Mr. PERRY. Will the gentlelady yield? I have got a hard stop. 
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Ms. JACKSON LEE. I would be happy to yield. Mr. Chairman, is 
he allowed to say his one action to stop that? I will be happy to 
yield back, Mr. Chairman. 

What is our action? What is our action? I believe if he sees other 
agreements being abandoned, we certainly don’t have an oppor- 
tunity of diplomacy. But go right ahead. 

Mr. TERRELL. The overall means of dealing with North Korea 
today, we are at this point where we have to continue the cam- 
paign pressure or the pressure campaign. We have to demonstrate 
our resolve. We have to be able to talk to them. 

It may not actually end up being a negotiated solution. But over, 
you know, the entire course of the Cold War, in deterrence with 
Russia, we talked to the Russians. We talked to the Soviets. They 
understood our message. We understood their message. 

We have to have those means of being able to talk to the North 
Koreans so we can have an effective deterrent while we get to a 
solution that hopefully does not include going to war. 

Mr. PERRY. The Chair thanks the gentleman. 

The Chair thanks the gentlelady. 

Ms. JACKSON LEE. Mr. Chairman, you have been generous with 
your time. Thank you. 

Mr. PERRY. Dr. Pry, I just want to finish up here with you, if I 
could. I, too, like Mr. Higgins, am concerned and interested in the 
satellite array and the capabilities therewith that North Korea has. 
Can they potentially launch on EMP device from one of those sat- 
ellites? Is it something that is launched from the satellite? Does the 
satellite come out of orbit? Does the satellite deploy something? 
How does that work? 

Mr. Pry. We are concerned because the satellites, the orbit, the 
trajectory, the purpose of this, resembles this secret weapon the So- 
viets came up with during the Cold War called the Fractional Or- 
bital Bombardment System. Basically, the satellite has a nuclear 
weapon inside of it. You orbit the satellite so it is at the optimum 
altitude already for putting an EMP field 

Mr. PERRY. You are saying it is currently there right now? 

Mr. Pry. Yeah, it is. It passes over us several times a day at that 
place. All you have to do is detonate it when it arrives. Because we 
don’t have ballistic missile early warning radars facing south, we 
don’t have interceptors facing south, we are blind, defenseless from 
that direction, which is why it is on a south polar orbit. 

Now they have got two of them there. I find it—we might have 
actually seen a dry run of a North Korean total information war- 
fare operation back during the 2013 nuclear crisis we had with 
North Korea after their third nuclear test. That was on April 16, 
2013. You know, it coincided with lots of cyber activity attacks from 
North Korea. But that was the day of the Metcalf transformer 
shooting. Okay? We don’t know who did that. But when the people 
that train the U.S. Navy SEALs went in there, they said they 
thought this was a nation-state operation. This was done the way 
the SEALs would have done it in terms of all their techniques. On 
that very day is the day the KMS—2 passed over Washington, DC, 
and New York City. So you had events that threatened the western 
grid and the eastern grid simultaneously on that day. We don’t 
know if it was North Korea that did Metcalf. But for sure that was 


63 


their satellite passing over Washington, DC, and the New York 
City corridor. 

Mr. PERRY. So the two satellites they have right now, they—ap- 
parently, one at least passes over New York City—the East Coast, 
New York City, Washington, DC, and the other one? 

Mr. Pry. Well, they actually—every time they do an orbit, they 
pass other another 90 miles to the east. So there are times 
Mr. PERRY. I see. 

Mr. Pry [continuing]. When it is right over the center of the 
United States and then passes over the eastern 
Mr. Perry. And there are times, apparently, that there are none 
potentially none 
Mr. PRY. Yes. That is 
Mr. PERRY [continuing]. Over the United States? But your testi- 
mony indicates that they would like to fill the array so that there 
is ever one present? 

Mr. Pry. Right. I mean, it used to be that, basically, you would 
have to wait 90 minutes. All right? Now, it is 45 minutes. 

Mr. PERRY. We don’t know what is in the satellite? 

Mr. Pry. No, we don’t. According to the North Koreans’ official 
position, it is an Earth observation satellite for peaceful purposes. 
But then Kim Jong-un and North Korean press have actually in- 
cluded it in their descriptions as part of their nuclear deterrent. 
There are quotations from them to that effect in the 

Mr. PERRY. When you say a deterrent, they might say: Well, 
look, we are just photographing sites where nuclear armaments in 
the United States might be launched from to see if there is any ac- 
tivity, and, thus, it is a deterrent. 

I mean, right? They could say that. 

Mr. Pry. Of course, they could say that. They have also described 
it as a peaceful, you know, satellite. But why they would be inter- 
ested in, I mean, the health of the forests in North America is, you 
know, open to question. 

Mr. Perry. Right. I suspect they would consider disruption, re- 
moval, whatever you want to call it, of that satellite or any of those 
satellites as an act of aggression and war. 

Mr. Pry. Sure. But the satellites are illegal in the first place. 
They were not supposed to have been launching satellites, which 
is part—and not on that trajectory. 

Mr. PERRY. So what is the recourse for nation-states or nations 
that launch satellites in violation of whatever sanction or whatever 
U.N. requirements, whatever requirements are that make them il- 
legal? What is the remedy? 

Mr. Pry. I think the only remedy for that is going to be to shoot 
those satellites down. 

Mr. PERRY. Why hasn’t that been done already? 

Mr. Pry. I don’t know. I don’t know why it hasn’t been done. 

Mr. PERRY. Gentlemen, you have been very gracious with your 
time. We appreciate your testimony more than you can imagine. 
We appreciate your diligence in being here and waiting the extra 
time for the vote and then staying after. We probably will have 
some due-outs for at least some of you, I know I will, and maybe 
we will see you again. We hope we have better news or at least im- 
proved news the next time we get together. 
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At this time, the Chair thanks the witnesses for their valuable 
testimony and the Members for their questions. Members may have 
some additional questions for the witnesses, and we will ask you 
to respond to these in writing. 

Pursuant to committee rule VII(D), the hearing record will re- 
main open for 10 days. 

Without objection, the subcommittee stands adjourned. 

[Whereupon, at 4:48 p.m., the subcommittee was adjourned. | 


APPENDIX 


QUESTIONS FROM CHAIRMAN SCOTT PERRY FOR FRANK J. CILLUFFO 


Question Ja. As the owners and operators of critical infrastructure, the private 
sector is placed in a unique position to maintain and operate their business while 
at the same time trying to defend themselves against potential, unwanted attacks 
from foreign militaries or foreign intelligence services. 

What type of public-private partnerships can be put in place to assist private in- 
dustry, who you labeled as “on the front lines of this battle,” in thwarting attacks? 

Answer. Response was not received at the time of publication. 

Question 1b. Additionally, during the hearing, you mentioned setting up a “tiger 
team” to specifically deal with the North Korean threat. Can you elaborate on this 
point? Who would comprise this team and what agency would lead this effort? 

Answer. Response was not received at the time of publication. 


QUESTIONS FROM HONORABLE JOHN RATCLIFFE FOR FRANK J. CILLUFFO 


Question 1. Some nations outsource their malicious cyber work. They hire hackers 
using covert means or otherwise distance themselves from the actual hack. These 
“hackers-for-hire” make attributing attacks to particular nations difficult. Do the 
North Korean’s use similar tactics when conducting their cyber campaigns or are 
they more overt in their tactics? 

Answer. Response was not received at the time of publication. 

Question 2. What are the kinds of things experts look for when attributing par- 
ticular cyber attacks to North Korea? Does their cyber activity have unique charac- 
teristics—technical or otherwise? 

Answer. Response was not received at the time of publication. 

Question 3. What can we do to deter North Korean cyber actors? 

Answer. Response was not received at the time of publication. 


QUESTIONS FROM CHAIRMAN SCOTT PERRY FOR JEFF GREENE 


Question 1a. During the hearing, you discussed the coordinated response to the 
Wannacry ransomware attack which occurred in May 2017. You stated: “The 
Wannacry response was probably the best public-private partnership I have ever 
seen.” However, you also stated that you remain concerned that a response of that 
type was somewhat relationship-based and needs to be more structured. 

What type of formalized process of information sharing between government and 
industry to you suggest? 

Answer. Response was not received at the time of publication. 

Question 1b. Which Government agency should lead this effort? 

Answer. Response was not received at the time of publication. 


QUESTIONS FROM HONORABLE JOHN RATCLIFFE FOR JEFF GREENE 


Question 1. Some nations outsource their malicious cyber work. They hire hackers 
using covert means or otherwise distance themselves from the actual hack. These 
“hackers-for-hire” make attributing attacks to particular nations difficult. Do the 
North Koreans use similar tactics when conducting their cyber campaigns or are 
they more overt in their tactics? 

Answer. Response was not received at the time of publication. 

Question 2. What are the kinds of things experts look for when attributing par- 
ticular cyber attacks to North Korea? Does their cyber activity have unique charac- 
teristics—technical or otherwise? 

Answer. Response was not received at the time of publication. 

Question 3. What can we do to deter North Korean cyber actors? 

Answer. Response was not received at the time of publication. 
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QUESTIONS FROM HONORABLE JEFF DUNCAN FOR PETER VINCENT PRY 


Question 1. If an EMP attack were to occur, what electronic components or sys- 
tems would sustain the most damage? Do you know if any attempt has been made 
to protect these systems? 

Answer. All electronic components and systems would be at risk in an EMP at- 
tack. Long-line and large systems and their electronic components—for example, the 
99 operating U.S. nuclear power reactors and their on-site stored spent fuel cooling 
systems, power grids, telecommunications, pipelines (gas, oil, chemical, water etc.)— 
would be most at risk because they would collect and could be damaged by both 
high-frequency (E1) and low-frequency (E3) EMP. Supervisory Control And Data Ac- 
quisition Systems (SCADAS) are among the most vulnerable and most important 
electronic systems. SCADAS numbering in the millions make possible our modern 
electronic society, running everything from electric grids to traffic lights. While 
there are some cases where utilities and industry have voluntarily protected some 
of their SCADAS and other critical electronics from EMP, on the whole the critical 
National infrastructures are unprotected. 

Question 2. The Congressional EMP Commission recently terminated. How do you 
think this will impact the Department of Homeland Security as they move forward 
in EMP preparedness, especially in light of North Korea? 

Answer. Termination of the EMP Commission will halt and reverse progress being 
made toward National EMP preparedness, despite the clear and present danger of 
an EMP attack from North Korea. For example, the Louisiana Project, started and 
supported by the EMP Commission, is likely to be killed by DHS, now that the EMP 
Commission is terminated. In this project DHS is working with the Louisiana Public 
Service Commission to develop a plan to protect the Louisiana electric grid—to 
prove that cost-effective EMP protection can be accomplished now, pioneering a 
pathway toward EMP preparedness for all the States. The Louisiana Project is justi- 
fied by and is an example of implementation of the Critical Infrastructure Protection 
Act (CIPA). Yet the recently established DHS EMP Task Force, that owes a report 
to Congress in December on CIPA implementation, was not even aware of the Lou- 
isiana Project, and showed no interest in the Louisiana Project. Obama-holdovers 
and bureaucrats at DHS who have most obstructed progress toward National EMP 
preparedness have been promoted by the current administration, while those most 
committed to EMP preparedness are an endangered species. DHS and DOE are still 
following the Obama administration’s policy on EMP—let the North American Elec- 
tric Reliability Corporation (NERC) and the electric power industry drive the bus. 
Let the National labs takeover the EMP problem to be used as a cash cow to milk 
for millions of dollars in unnecessary and erroneous studies, that will justify NERC 
inaction on EMP. 

Question 3. Why would North Korea strike the United States with an EMP attack 
instead of a more traditional bomb, if they have the capabilities for both? 

Answer. A traditional bomb can be used to make an EMP attack or blast a city, 
and North Korea might well do both. Indeed, in order to blast U.S. cities, North 
Korea would have to penetrate U.S. National Missile Defenses, which could be facili- 
tated by a precursor nuclear EMP attack. North Korea might also salvage-fuse war- 
heads aimed at U.S. cities so that, if they are intercepted, they detonate for EMP 
attack. Compared to traditional use of a nuclear weapon for blasting a city, nuclear 
EMP attack is easier to execute and would be more effective at damaging the Na- 
tion’s life-sustaining critical infrastructures and capabilities Nation-wide that are 
essential for military power projection. Unlike blasting a city, EMP attack does not 
require a reentry vehicle to penetrate the atmosphere or an accurate guidance sys- 
tem. Unlike blasting a city, a single nuclear weapon used for EMP can attack the 
whole Nation. 
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